# Flog Txt Version 1 # Analyzer Version: 4.1.1 # Analyzer Build Date: Feb 8 2021 16:19:57 # Log Creation Date: 11.05.2021 03:42:37.999 Process: id = "1" image_name = "sosduf.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\sosduf.exe" page_root = "0x31316000" os_pid = "0xbc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x838" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\sosduf.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001d5b8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 3 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 5 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 6 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 7 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 8 start_va = 0x1c0000 end_va = 0x401fff monitored = 1 entry_point = 0x21a990 region_type = mapped_file name = "sosduf.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\sosduf.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sosduf.exe") Region: id = 9 start_va = 0x600000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 10 start_va = 0x777c0000 end_va = 0x7793afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 11 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 12 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 13 start_va = 0x7fff0000 end_va = 0x7ff84634ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 14 start_va = 0x7ff846350000 end_va = 0x7ff846510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 15 start_va = 0x7ff846511000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff846511000" filename = "" Region: id = 211 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 212 start_va = 0x77000000 end_va = 0x77079fff monitored = 0 entry_point = 0x77013290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 213 start_va = 0x77080000 end_va = 0x770cffff monitored = 0 entry_point = 0x77098180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 214 start_va = 0x765d0000 end_va = 0x766affff monitored = 0 entry_point = 0x765e3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 215 start_va = 0x770d0000 end_va = 0x770d7fff monitored = 0 entry_point = 0x770d17c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 216 start_va = 0x800000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 217 start_va = 0x765d0000 end_va = 0x766affff monitored = 0 entry_point = 0x765e3980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 218 start_va = 0x76750000 end_va = 0x768cdfff monitored = 0 entry_point = 0x76801b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 219 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 220 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 221 start_va = 0x410000 end_va = 0x4cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 304 start_va = 0x74360000 end_va = 0x743f1fff monitored = 0 entry_point = 0x743a0380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 305 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 306 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 307 start_va = 0x74910000 end_va = 0x7498afff monitored = 0 entry_point = 0x7492e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 308 start_va = 0x74840000 end_va = 0x748fdfff monitored = 0 entry_point = 0x74875630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 309 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 310 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 311 start_va = 0x9a0000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009a0000" filename = "" Region: id = 312 start_va = 0x75180000 end_va = 0x751c3fff monitored = 0 entry_point = 0x75199d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 313 start_va = 0x74480000 end_va = 0x7452cfff monitored = 0 entry_point = 0x74494f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 314 start_va = 0x74410000 end_va = 0x7442dfff monitored = 0 entry_point = 0x7441b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 315 start_va = 0x74400000 end_va = 0x74409fff monitored = 0 entry_point = 0x74402a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 316 start_va = 0x76a20000 end_va = 0x76a77fff monitored = 0 entry_point = 0x76a625c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 317 start_va = 0xaa0000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 318 start_va = 0x6ca60000 end_va = 0x6ca83fff monitored = 0 entry_point = 0x6ca64820 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\SysWOW64\\winmm.dll" (normalized: "c:\\windows\\syswow64\\winmm.dll") Region: id = 319 start_va = 0x74cb0000 end_va = 0x74df6fff monitored = 0 entry_point = 0x74cc1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 320 start_va = 0x6ca30000 end_va = 0x6ca52fff monitored = 0 entry_point = 0x6ca38940 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\SysWOW64\\winmmbase.dll" (normalized: "c:\\windows\\syswow64\\winmmbase.dll") Region: id = 321 start_va = 0x74750000 end_va = 0x74786fff monitored = 0 entry_point = 0x74753b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 322 start_va = 0x74a40000 end_va = 0x74b8efff monitored = 0 entry_point = 0x74af6820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 323 start_va = 0x510000 end_va = 0x539fff monitored = 0 entry_point = 0x515680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 324 start_va = 0xb90000 end_va = 0xd17fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 325 start_va = 0x74b90000 end_va = 0x74bbafff monitored = 0 entry_point = 0x74b95680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 326 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 327 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 328 start_va = 0xd20000 end_va = 0xea0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 329 start_va = 0xeb0000 end_va = 0x22affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 330 start_va = 0x77740000 end_va = 0x7779efff monitored = 0 entry_point = 0x77744af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 331 start_va = 0x520000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 332 start_va = 0x560000 end_va = 0x562fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 333 start_va = 0x22b0000 end_va = 0x124e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 334 start_va = 0x124f0000 end_va = 0x328effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124f0000" filename = "" Region: id = 335 start_va = 0x12800000 end_va = 0x327fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012800000" filename = "" Region: id = 336 start_va = 0x570000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 337 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 338 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 339 start_va = 0x74bc0000 end_va = 0x74c03fff monitored = 0 entry_point = 0x74bc7410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 340 start_va = 0x5c0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 341 start_va = 0x900000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 342 start_va = 0x124f0000 end_va = 0x125effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000124f0000" filename = "" Region: id = 343 start_va = 0x125f0000 end_va = 0x126effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000125f0000" filename = "" Region: id = 344 start_va = 0x940000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 345 start_va = 0x126f0000 end_va = 0x127effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000126f0000" filename = "" Region: id = 346 start_va = 0xaa0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 347 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 348 start_va = 0x32800000 end_va = 0x328fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032800000" filename = "" Region: id = 349 start_va = 0x980000 end_va = 0x982fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 350 start_va = 0xae0000 end_va = 0xb2efff monitored = 0 entry_point = 0xaed850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 351 start_va = 0x980000 end_va = 0x982fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 352 start_va = 0xae0000 end_va = 0xb2efff monitored = 0 entry_point = 0xaed850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 353 start_va = 0x980000 end_va = 0x987fff monitored = 0 entry_point = 0x9819c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 354 start_va = 0x990000 end_va = 0x990fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 355 start_va = 0x980000 end_va = 0x987fff monitored = 0 entry_point = 0x9819c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 356 start_va = 0x990000 end_va = 0x990fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 357 start_va = 0xae0000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 358 start_va = 0xb20000 end_va = 0xb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 359 start_va = 0x32900000 end_va = 0x3293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032900000" filename = "" Region: id = 360 start_va = 0x32940000 end_va = 0x32a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032940000" filename = "" Region: id = 361 start_va = 0x32a40000 end_va = 0x32aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032a40000" filename = "" Region: id = 362 start_va = 0x32af0000 end_va = 0x32b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032af0000" filename = "" Region: id = 363 start_va = 0x32b30000 end_va = 0x32c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032b30000" filename = "" Region: id = 364 start_va = 0x32c30000 end_va = 0x32c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032c30000" filename = "" Region: id = 365 start_va = 0x32c70000 end_va = 0x32d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032c70000" filename = "" Region: id = 366 start_va = 0x32d70000 end_va = 0x32daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032d70000" filename = "" Region: id = 367 start_va = 0x32db0000 end_va = 0x32eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032db0000" filename = "" Region: id = 368 start_va = 0x32eb0000 end_va = 0x32eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032eb0000" filename = "" Region: id = 369 start_va = 0x32ef0000 end_va = 0x32feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032ef0000" filename = "" Region: id = 370 start_va = 0x32ff0000 end_va = 0x3302ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000032ff0000" filename = "" Region: id = 371 start_va = 0x33030000 end_va = 0x3312ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033030000" filename = "" Region: id = 372 start_va = 0x33130000 end_va = 0x3316ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033130000" filename = "" Region: id = 373 start_va = 0x33170000 end_va = 0x3326ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033170000" filename = "" Region: id = 374 start_va = 0x33270000 end_va = 0x332affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033270000" filename = "" Region: id = 375 start_va = 0x332b0000 end_va = 0x333affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000332b0000" filename = "" Region: id = 376 start_va = 0x333b0000 end_va = 0x333effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000333b0000" filename = "" Region: id = 377 start_va = 0x333f0000 end_va = 0x334effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000333f0000" filename = "" Region: id = 378 start_va = 0x334f0000 end_va = 0x3352ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000334f0000" filename = "" Region: id = 379 start_va = 0x33530000 end_va = 0x3362ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033530000" filename = "" Region: id = 380 start_va = 0x33630000 end_va = 0x3366ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033630000" filename = "" Region: id = 381 start_va = 0x33670000 end_va = 0x3376ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033670000" filename = "" Region: id = 382 start_va = 0x33770000 end_va = 0x337affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033770000" filename = "" Region: id = 383 start_va = 0x337b0000 end_va = 0x338affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000337b0000" filename = "" Region: id = 384 start_va = 0x338b0000 end_va = 0x338effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000338b0000" filename = "" Region: id = 385 start_va = 0x338f0000 end_va = 0x339effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000338f0000" filename = "" Region: id = 386 start_va = 0x339f0000 end_va = 0x33a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000339f0000" filename = "" Region: id = 387 start_va = 0x33a30000 end_va = 0x33b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033a30000" filename = "" Region: id = 388 start_va = 0x33b30000 end_va = 0x33b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033b30000" filename = "" Region: id = 389 start_va = 0x33b70000 end_va = 0x33c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033b70000" filename = "" Region: id = 390 start_va = 0x980000 end_va = 0x983fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 391 start_va = 0x33c70000 end_va = 0x33caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033c70000" filename = "" Region: id = 392 start_va = 0x33cb0000 end_va = 0x33daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033cb0000" filename = "" Region: id = 393 start_va = 0x33db0000 end_va = 0x33deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033db0000" filename = "" Region: id = 394 start_va = 0x33df0000 end_va = 0x33eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033df0000" filename = "" Region: id = 395 start_va = 0x33ef0000 end_va = 0x33f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033ef0000" filename = "" Region: id = 396 start_va = 0x33f30000 end_va = 0x3402ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000033f30000" filename = "" Region: id = 397 start_va = 0x34030000 end_va = 0x3406ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034030000" filename = "" Region: id = 398 start_va = 0x34070000 end_va = 0x3416ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034070000" filename = "" Region: id = 399 start_va = 0x34170000 end_va = 0x341affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034170000" filename = "" Region: id = 400 start_va = 0x341b0000 end_va = 0x342affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000341b0000" filename = "" Region: id = 401 start_va = 0x342b0000 end_va = 0x342effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000342b0000" filename = "" Region: id = 402 start_va = 0x342f0000 end_va = 0x343effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000342f0000" filename = "" Region: id = 403 start_va = 0x343f0000 end_va = 0x3442ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000343f0000" filename = "" Region: id = 404 start_va = 0x34430000 end_va = 0x3452ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034430000" filename = "" Region: id = 405 start_va = 0x34530000 end_va = 0x3456ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034530000" filename = "" Region: id = 406 start_va = 0x34570000 end_va = 0x3466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034570000" filename = "" Region: id = 407 start_va = 0x34670000 end_va = 0x346affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034670000" filename = "" Region: id = 408 start_va = 0x346b0000 end_va = 0x347affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000346b0000" filename = "" Region: id = 409 start_va = 0x347b0000 end_va = 0x347effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000347b0000" filename = "" Region: id = 410 start_va = 0x347f0000 end_va = 0x348effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000347f0000" filename = "" Region: id = 411 start_va = 0x348f0000 end_va = 0x3492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000348f0000" filename = "" Region: id = 412 start_va = 0x34930000 end_va = 0x34a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034930000" filename = "" Region: id = 413 start_va = 0x34a30000 end_va = 0x34a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034a30000" filename = "" Region: id = 414 start_va = 0x34a70000 end_va = 0x34b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034a70000" filename = "" Region: id = 415 start_va = 0x34b70000 end_va = 0x34baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034b70000" filename = "" Region: id = 416 start_va = 0x34bb0000 end_va = 0x34caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034bb0000" filename = "" Region: id = 417 start_va = 0x34cb0000 end_va = 0x34ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034cb0000" filename = "" Region: id = 418 start_va = 0x34cf0000 end_va = 0x34d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034cf0000" filename = "" Region: id = 419 start_va = 0x34d30000 end_va = 0x34e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034d30000" filename = "" Region: id = 420 start_va = 0x34e30000 end_va = 0x34e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034e30000" filename = "" Region: id = 421 start_va = 0x34e70000 end_va = 0x34f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034e70000" filename = "" Region: id = 422 start_va = 0x34f70000 end_va = 0x34faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034f70000" filename = "" Region: id = 423 start_va = 0x34fb0000 end_va = 0x350affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034fb0000" filename = "" Region: id = 424 start_va = 0x350b0000 end_va = 0x350effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000350b0000" filename = "" Region: id = 425 start_va = 0x350f0000 end_va = 0x351effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000350f0000" filename = "" Region: id = 426 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 427 start_va = 0x351f0000 end_va = 0x3522ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000351f0000" filename = "" Region: id = 428 start_va = 0xb60000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Thread: id = 1 os_tid = 0xec8 [0087.405] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x765d0000 [0087.405] GetProcAddress (hModule=0x765d0000, lpProcName="AddDllDirectory") returned 0x768845e0 [0087.405] GetProcAddress (hModule=0x765d0000, lpProcName="AddVectoredContinueHandler") returned 0x778728d0 [0087.405] GetProcAddress (hModule=0x765d0000, lpProcName="LoadLibraryExA") returned 0x765ea270 [0087.405] GetProcAddress (hModule=0x765d0000, lpProcName="LoadLibraryExW") returned 0x765e7930 [0087.405] LoadLibraryExA (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x74910000 [0089.704] GetProcAddress (hModule=0x74910000, lpProcName="SystemFunction036") returned 0x74402a60 [0089.705] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x777c0000 [0089.705] GetProcAddress (hModule=0x777c0000, lpProcName="NtWaitForSingleObject") returned 0x77836cc0 [0089.705] LoadLibraryExA (lpLibFileName="winmm.dll", hFile=0x0, dwFlags=0x800) returned 0x6ca60000 [0091.557] GetProcAddress (hModule=0x6ca60000, lpProcName="timeBeginPeriod") returned 0x6ca64330 [0091.560] GetProcAddress (hModule=0x6ca60000, lpProcName="timeEndPeriod") returned 0x6ca6ca30 [0091.560] LoadLibraryExA (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x800) returned 0x77740000 [0091.976] GetProcAddress (hModule=0x77740000, lpProcName="WSAGetOverlappedResult") returned 0x777547e0 [0091.976] GetProcAddress (hModule=0x777c0000, lpProcName="wine_get_version") returned 0x0 [0091.976] SetErrorMode (uMode=0x2) returned 0x0 [0091.976] SetErrorMode (uMode=0x8003) returned 0x2 [0091.976] RtlAddVectoredExceptionHandler (FirstHandler=0x1, VectoredHandler=0x21ab30) returned 0x9b0d38 [0091.976] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x21ab40) returned 0x0 [0091.977] SetConsoleCtrlHandler (HandlerRoutine=0x21ab50, Add=1) returned 1 [0091.977] CreateWaitableTimerExW (lpTimerAttributes=0x0, lpTimerName=0x0, dwFlags=0x2, dwDesiredAccess=0x100003) returned 0x0 [0091.977] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0091.977] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x19fe8c, lpSystemAffinityMask=0x19fe88 | out: lpProcessAffinityMask=0x19fe8c, lpSystemAffinityMask=0x19fe88) returned 1 [0091.978] GetSystemInfo (in: lpSystemInfo=0x19fec8 | out: lpSystemInfo=0x19fec8*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507)) [0091.978] SetProcessPriorityBoost (hProcess=0xffffffff, bDisablePriorityBoost=1) returned 1 [0091.979] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x520000 [0091.980] VirtualAlloc (lpAddress=0x0, dwSize=0x3000, flAllocationType=0x2000, flProtect=0x4) returned 0x560000 [0091.980] VirtualAlloc (lpAddress=0x560000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x560000 [0091.980] VirtualAlloc (lpAddress=0x0, dwSize=0x10232000, flAllocationType=0x2000, flProtect=0x4) returned 0x22b0000 [0092.008] VirtualAlloc (lpAddress=0x800000, dwSize=0x20400000, flAllocationType=0x2000, flProtect=0x4) returned 0x0 [0092.009] VirtualAlloc (lpAddress=0x0, dwSize=0x20400000, flAllocationType=0x2000, flProtect=0x4) returned 0x124f0000 [0092.024] VirtualFree (lpAddress=0x124f0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0092.025] VirtualAlloc (lpAddress=0x12800000, dwSize=0x20000000, flAllocationType=0x2000, flProtect=0x4) returned 0x12800000 [0092.038] SystemFunction036 (in: RandomBuffer=0x3e77f0, RandomBufferLength=0x4 | out: RandomBuffer=0x3e77f0) returned 1 [0092.038] VirtualAlloc (lpAddress=0x12800000, dwSize=0x400000, flAllocationType=0x1000, flProtect=0x4) returned 0x12800000 [0092.046] VirtualAlloc (lpAddress=0x22b0000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x22b0000 [0092.047] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x3000, flProtect=0x4) returned 0x570000 [0092.047] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x5a0000 [0092.047] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x5b0000 [0092.048] VirtualAlloc (lpAddress=0x12800000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12800000 [0092.048] VirtualAlloc (lpAddress=0x12802000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12802000 [0092.048] SystemFunction036 (in: RandomBuffer=0x3e7a60, RandomBufferLength=0x40 | out: RandomBuffer=0x3e7a60) returned 1 [0092.048] VirtualAlloc (lpAddress=0x12804000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12804000 [0092.048] VirtualAlloc (lpAddress=0x12806000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12806000 [0092.049] GetEnvironmentStringsW () returned 0x9b4f40* [0092.049] VirtualAlloc (lpAddress=0x12808000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12808000 [0092.049] VirtualAlloc (lpAddress=0x1280a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1280a000 [0092.049] VirtualAlloc (lpAddress=0x1280c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1280c000 [0092.050] VirtualAlloc (lpAddress=0x1280e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1280e000 [0092.050] VirtualAlloc (lpAddress=0x12810000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12810000 [0092.050] VirtualAlloc (lpAddress=0x12812000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12812000 [0092.051] VirtualAlloc (lpAddress=0x12814000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12814000 [0092.051] VirtualAlloc (lpAddress=0x12816000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12816000 [0092.052] FreeEnvironmentStringsW (penv=0x9b4f40) returned 1 [0092.052] LoadLibraryExA (lpLibFileName="powrprof.dll", hFile=0x0, dwFlags=0x800) returned 0x74bc0000 [0092.298] GetProcAddress (hModule=0x74bc0000, lpProcName="PowerRegisterSuspendResumeNotification") returned 0x74bc5ea0 [0092.299] VirtualAlloc (lpAddress=0x12818000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12818000 [0092.299] VirtualAlloc (lpAddress=0x1281a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1281a000 [0092.299] PowerRegisterSuspendResumeNotification (in: Flags=0x2, Recipient=0x19fe50, RegistrationHandle=0x19fe4c | out: RegistrationHandle=0x19fe4c) returned 0x0 [0092.300] VirtualAlloc (lpAddress=0x1281c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1281c000 [0092.301] VirtualAlloc (lpAddress=0x12820000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12820000 [0092.301] VirtualAlloc (lpAddress=0x12824000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12824000 [0092.301] VirtualAlloc (lpAddress=0x12826000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12826000 [0092.302] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19fe9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19fe9c*=0xf8) returned 1 [0092.302] VirtualQuery (in: lpAddress=0x19feac, lpBuffer=0x19feac, dwLength=0x1c | out: lpBuffer=0x19feac*(BaseAddress=0x19f000, AllocationBase=0xa0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0092.302] VirtualAlloc (lpAddress=0x1282e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1282e000 [0092.302] VirtualAlloc (lpAddress=0x12830000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12830000 [0092.303] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282e240, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0092.303] CloseHandle (hObject=0xfc) returned 1 [0092.304] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282e480, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0092.304] CloseHandle (hObject=0xfc) returned 1 [0092.304] VirtualAlloc (lpAddress=0x12838000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12838000 [0092.305] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282e6c0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0092.305] CloseHandle (hObject=0xfc) returned 1 [0092.305] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xfc [0092.305] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x100 [0092.305] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0092.399] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0092.411] VirtualAlloc (lpAddress=0x1283c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1283c000 [0092.411] VirtualAlloc (lpAddress=0x1283e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1283e000 [0092.411] VirtualAlloc (lpAddress=0x12840000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12840000 [0092.412] VirtualAlloc (lpAddress=0x12842000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12842000 [0092.412] VirtualAlloc (lpAddress=0x12844000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12844000 [0092.412] VirtualAlloc (lpAddress=0x12846000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12846000 [0092.413] VirtualAlloc (lpAddress=0x12848000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12848000 [0092.413] VirtualAlloc (lpAddress=0x1284a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1284a000 [0092.414] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x800) returned 0x765d0000 [0092.414] GetProcAddress (hModule=0x765d0000, lpProcName="GetStdHandle") returned 0x765ea6e0 [0092.414] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0092.414] GetProcAddress (hModule=0x765d0000, lpProcName="SetHandleInformation") returned 0x765f6660 [0092.414] SetHandleInformation (hObject=0x38, dwMask=0x1, dwFlags=0x0) returned 1 [0092.417] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0092.417] SetHandleInformation (hObject=0x3c, dwMask=0x1, dwFlags=0x0) returned 1 [0092.417] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0092.417] SetHandleInformation (hObject=0x40, dwMask=0x1, dwFlags=0x0) returned 1 [0092.417] VirtualAlloc (lpAddress=0x1284c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1284c000 [0092.418] GetProcAddress (hModule=0x765d0000, lpProcName="GetSystemDirectoryW") returned 0x765e9fd0 [0092.418] GetSystemDirectoryW (in: lpBuffer=0x1284c000, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0092.418] VirtualAlloc (lpAddress=0x1284e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1284e000 [0092.418] VirtualAlloc (lpAddress=0x12850000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12850000 [0092.419] LoadLibraryExW (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x800) returned 0x77740000 [0092.419] GetProcAddress (hModule=0x77740000, lpProcName="WSAStartup") returned 0x77746520 [0092.419] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x128376b4 | out: lpWSAData=0x128376b4) returned 0 [0092.425] VirtualAlloc (lpAddress=0x12852000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12852000 [0092.426] GetProcAddress (hModule=0x765d0000, lpProcName="SetFileCompletionNotificationModes") returned 0x765e9dd0 [0092.426] GetProcAddress (hModule=0x77740000, lpProcName="WSAEnumProtocolsW") returned 0x77757ed0 [0092.426] WSAEnumProtocolsW (in: lpiProtocols=0x12854818, lpProtocolBuffer=0x12854820, lpdwBufferLength=0x12854814 | out: lpProtocolBuffer=0x12854820, lpdwBufferLength=0x12854814) returned 4 [0092.793] GetProcAddress (hModule=0x765d0000, lpProcName="GetConsoleMode") returned 0x765f6f70 [0092.793] GetConsoleMode (in: hConsoleHandle=0x38, lpMode=0x12859960 | out: lpMode=0x12859960) returned 1 [0092.829] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0xae0000 [0092.830] VirtualAlloc (lpAddress=0x12900000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12900000 [0092.830] GetProcAddress (hModule=0x765d0000, lpProcName="GetFileType") returned 0x765f6aa0 [0092.830] VirtualAlloc (lpAddress=0x12902000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12902000 [0092.830] GetFileType (hFile=0x38) returned 0x2 [0092.830] VirtualAlloc (lpAddress=0x12904000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12904000 [0092.830] VirtualAlloc (lpAddress=0x12906000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12906000 [0092.830] VirtualAlloc (lpAddress=0x12908000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12908000 [0092.831] SetEvent (hEvent=0x118) returned 1 [0092.831] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0x12859960 | out: lpMode=0x12859960) returned 1 [0092.835] GetFileType (hFile=0x3c) returned 0x2 [0092.835] VirtualAlloc (lpAddress=0x12886000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12886000 [0092.835] VirtualAlloc (lpAddress=0x12888000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12888000 [0092.835] GetConsoleMode (in: hConsoleHandle=0x40, lpMode=0x12859960 | out: lpMode=0x12859960) returned 1 [0092.838] GetFileType (hFile=0x40) returned 0x2 [0092.838] VirtualAlloc (lpAddress=0x1288a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1288a000 [0092.838] GetProcAddress (hModule=0x765d0000, lpProcName="GetCommandLineW") returned 0x765eaba0 [0092.838] VirtualAlloc (lpAddress=0x1288c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1288c000 [0092.838] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\sosduf.exe\" " [0092.838] VirtualAlloc (lpAddress=0x1288e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1288e000 [0092.839] VirtualAlloc (lpAddress=0x12890000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12890000 [0092.839] VirtualAlloc (lpAddress=0x12892000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12892000 [0092.839] VirtualAlloc (lpAddress=0x12894000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12894000 [0092.840] VirtualAlloc (lpAddress=0x12896000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x12896000 [0092.840] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0xb20000 [0092.840] VirtualAlloc (lpAddress=0x1289c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1289c000 [0092.841] VirtualAlloc (lpAddress=0x1289e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1289e000 [0092.841] VirtualAlloc (lpAddress=0x128a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128a0000 [0092.842] VirtualAlloc (lpAddress=0x128a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128a2000 [0092.842] VirtualAlloc (lpAddress=0x128a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128a4000 [0092.842] VirtualAlloc (lpAddress=0x128a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128a6000 [0092.843] VirtualAlloc (lpAddress=0x128a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128a8000 [0092.843] VirtualAlloc (lpAddress=0x128aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128aa000 [0092.843] VirtualAlloc (lpAddress=0x128ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128ac000 [0092.844] VirtualAlloc (lpAddress=0x128ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128ae000 [0092.846] VirtualAlloc (lpAddress=0x128b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128b0000 [0092.847] GetProcAddress (hModule=0x765d0000, lpProcName="GetEnvironmentVariableW") returned 0x765e9970 [0092.847] GetEnvironmentVariableW (in: lpName="GODEBUG", lpBuffer=0x128b0000, nSize=0x64 | out: lpBuffer="") returned 0x0 [0092.847] VirtualAlloc (lpAddress=0x128b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128b2000 [0092.848] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x765d0000 [0092.848] GetProcAddress (hModule=0x765d0000, lpProcName="GetStdHandle") returned 0x765ea6e0 [0092.848] GetStdHandle (nStdHandle=0xfffffff6) returned 0x38 [0092.848] GetProcAddress (hModule=0x765d0000, lpProcName="SetHandleInformation") returned 0x765f6660 [0092.849] SetHandleInformation (hObject=0x38, dwMask=0x1, dwFlags=0x0) returned 1 [0092.849] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c [0092.849] SetHandleInformation (hObject=0x3c, dwMask=0x1, dwFlags=0x0) returned 1 [0092.849] GetStdHandle (nStdHandle=0xfffffff4) returned 0x40 [0092.849] SetHandleInformation (hObject=0x40, dwMask=0x1, dwFlags=0x0) returned 1 [0092.849] VirtualAlloc (lpAddress=0x128b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128b4000 [0092.849] VirtualAlloc (lpAddress=0x128b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128b6000 [0092.850] VirtualAlloc (lpAddress=0x128b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128b8000 [0092.850] VirtualAlloc (lpAddress=0x128ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128ba000 [0092.850] GetProcAddress (hModule=0x765d0000, lpProcName="GetLogicalDrives") returned 0x765ef410 [0092.851] GetLogicalDrives () returned 0x4 [0092.851] GetProcAddress (hModule=0x765d0000, lpProcName="GetDriveTypeW") returned 0x765f6a10 [0092.851] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0092.851] VirtualAlloc (lpAddress=0x128bc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x128bc000 [0092.851] SetEvent (hEvent=0x118) returned 1 [0092.851] CreateIoCompletionPort (FileHandle=0xffffffff, ExistingCompletionPort=0x0, CompletionKey=0x0, NumberOfConcurrentThreads=0xffffffff) returned 0x138 [0092.852] GetProcAddress (hModule=0x765d0000, lpProcName="GetFileAttributesExW") returned 0x765f6a40 [0092.852] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12831cec | out: lpFileInformation=0x12831cec*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x31b3b9e4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x852bdfd2, ftLastAccessTime.dwHighDateTime=0x1d705f0, ftLastWriteTime.dwLowDateTime=0x852bdfd2, ftLastWriteTime.dwHighDateTime=0x1d705f0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0092.852] GetProcAddress (hModule=0x765d0000, lpProcName="CreateFileW") returned 0x765f6890 [0092.852] CreateFileW (lpFileName="C:\\" (normalized: "c:"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.852] VirtualAlloc (lpAddress=0x128c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128c4000 [0092.853] GetProcAddress (hModule=0x765d0000, lpProcName="FindFirstFileW") returned 0x765f6960 [0092.854] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x12831ba0 | out: lpFindFileData=0x12831ba0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbaec25, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xbaec25, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x9af820 [0092.854] GetProcAddress (hModule=0x765d0000, lpProcName="FindNextFileW") returned 0x765f69a0 [0092.854] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x7898476d, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b27f82, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b27f82, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0092.854] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xe47a48a8, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x78ab5a49, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x61b64, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0092.854] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe5533ee0, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x78b27f82, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTNXT", cAlternateFileName="")) returned 1 [0092.854] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x78d17e5a, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78d17e5a, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78d17e5a, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0092.854] VirtualAlloc (lpAddress=0x128c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128c6000 [0092.855] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0092.855] VirtualAlloc (lpAddress=0x128c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128c8000 [0092.855] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x551dbbfd, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x551dbbfd, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0xaa715a5, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x332fe000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0092.855] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x85890a37, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x85890a37, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xb7ec065, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x48000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0092.855] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbaec25, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xbaec25, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0092.855] VirtualAlloc (lpAddress=0x128ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128ca000 [0092.855] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e463b82, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x6e463b82, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0092.855] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1b83b055, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x1b83b055, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0092.855] VirtualAlloc (lpAddress=0x128cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128cc000 [0092.856] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x387f5bb4, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0x387f5bb4, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0092.856] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0xbadba904, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xbadba904, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0092.856] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x858b6c65, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x858b6c65, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xb8121ae, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x10000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="swapfile.sys", cAlternateFileName="")) returned 1 [0092.856] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x85289733, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x2dbfc137, ftLastAccessTime.dwHighDateTime=0x1d70505, ftLastWriteTime.dwLowDateTime=0x2dbfc137, ftLastWriteTime.dwHighDateTime=0x1d70505, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0092.856] VirtualAlloc (lpAddress=0x128ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128ce000 [0092.856] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0092.856] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0092.856] VirtualAlloc (lpAddress=0x128d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128d0000 [0092.856] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b9c | out: lpFindFileData=0x12831b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.856] GetProcAddress (hModule=0x765d0000, lpProcName="FindClose") returned 0x765f68e0 [0092.856] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.856] GetFileAttributesExW (in: lpFileName="C:\\/read_me_unlock.txt" (normalized: "c:\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831c24 | out: lpFileInformation=0x12831c24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.857] CreateFileW (lpFileName="C:\\/read_me_unlock.txt" (normalized: "c:\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0092.858] CreateFileW (lpFileName="C:\\/read_me_unlock.txt" (normalized: "c:\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0092.859] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831e3c | out: lpMode=0x12831e3c) returned 0 [0092.859] GetFileType (hFile=0x13c) returned 0x1 [0092.859] GetProcAddress (hModule=0x765d0000, lpProcName="WriteFile") returned 0x765f6ca0 [0092.860] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831e2c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831e2c*=0x2b8, lpOverlapped=0x0) returned 1 [0092.861] GetProcAddress (hModule=0x765d0000, lpProcName="CloseHandle") returned 0x765f6630 [0092.861] CloseHandle (hObject=0x13c) returned 1 [0092.863] GetFileAttributesExW (in: lpFileName="C:\\$Recycle.Bin" (normalized: "c:\\$recycle.bin"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x77b1180e, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x77b1180e, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.863] CreateFileW (lpFileName="C:\\$Recycle.Bin" (normalized: "c:\\$recycle.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.863] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x77b1180e, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x77b1180e, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.864] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x77b1180e, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x77b1180e, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.864] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x77b1180e, ftCreationTime.dwHighDateTime=0x1d705ed, ftLastAccessTime.dwLowDateTime=0x77b1180e, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x77b1180e, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-18", cAlternateFileName="")) returned 1 [0092.864] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x913b261b, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0x913b261b, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x913b261b, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0092.864] VirtualAlloc (lpAddress=0x128d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128d2000 [0092.864] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.864] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.864] GetFileAttributesExW (in: lpFileName="C:\\BOOTNXT" (normalized: "c:\\bootnxt"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe5533ee0, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x78b27f82, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1)) returned 1 [0092.865] VirtualAlloc (lpAddress=0x128d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128d4000 [0092.866] GetProcAddress (hModule=0x765d0000, lpProcName="WriteConsoleW") returned 0x765f7020 [0092.866] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12892200*, nNumberOfCharsToWrite=0xd, lpNumberOfCharsWritten=0x12831980, lpReserved=0x0 | out: lpBuffer=0x12892200*, lpNumberOfCharsWritten=0x12831980*=0xd) returned 1 [0092.896] SetEvent (hEvent=0x144) returned 1 [0092.896] VirtualAlloc (lpAddress=0x1290a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1290a000 [0092.896] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0x78d17e5a, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78d17e5a, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78d17e5a, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0092.896] VirtualAlloc (lpAddress=0x1290c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1290c000 [0092.896] GetFileAttributesExW (in: lpFileName="C:\\Boot" (normalized: "c:\\boot"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x7898476d, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b74525, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b74525, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0092.897] CreateFileW (lpFileName="C:\\Boot" (normalized: "c:\\boot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.897] VirtualAlloc (lpAddress=0x1290e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1290e000 [0092.897] VirtualAlloc (lpAddress=0x12910000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12910000 [0092.897] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x7898476d, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b74525, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b74525, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.897] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x7898476d, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b74525, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b74525, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78b74525, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x93feaf64, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x93feaf64, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x78b74525, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b74525, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b74525, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x78b74525, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b74525, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b74525, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x78b74525, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b74525, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b74525, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7898476d, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x7898476d, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x7898476d, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x78ab5a49, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78ab5a49, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78ab5a49, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x789aa98c, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789aa98c, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootvhd.dll", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789aa98c, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789aa98c, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789aa98c, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789aa98c, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789aa98c, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789aa98c, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789aa98c, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789aa98c, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789aa98c, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789aa98c, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0092.912] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789d0a50, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-GB", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789d0a50, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789d0a50, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789d0a50, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-MX", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789d0a50, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et-EE", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789d0a50, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78ab5a49, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b27f82, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b27f82, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789d0a50, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789d0a50, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789d0a50, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-CA", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789f6c92, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789f6c92, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789f6c92, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789f6c92, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789f6c92, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789f6c92, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr-HR", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789f6c92, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789f6c92, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789f6c92, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789f6c92, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789f6c92, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789f6c92, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789f6c92, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x789f6c92, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x789f6c92, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x789f6c92, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a1cf69, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a1cf69, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a1cf69, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a1cf69, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a1cf69, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt-LT", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a1cf69, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a1cf69, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a1cf69, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv-LV", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78a1cf69, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a1cf69, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xc2960, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a1cf69, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a1cf69, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a1cf69, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a1cf69, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a1cf69, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a1cf69, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a1cf69, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a4324e, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a4324e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a4324e, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a4324e, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a4324e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a4324e, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a4324e, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a4324e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a4324e, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a4324e, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a4324e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qps-ploc", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78b27f82, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78b27f82, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78b27f82, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a4324e, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a4324e, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a4324e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro-RO", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a4324e, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a4324e, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a4324e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a4324e, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a4324e, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a4324e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk-SK", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a693cf, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a693cf, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a693cf, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl-SI", cAlternateFileName="")) returned 1 [0092.913] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a693cf, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a693cf, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a693cf, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr-Latn-CS", cAlternateFileName="SR-LAT~1")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a693cf, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a693cf, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a693cf, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr-Latn-RS", cAlternateFileName="SR-LAT~2")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a693cf, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a693cf, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a693cf, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a693cf, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a693cf, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a693cf, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a693cf, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a693cf, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a693cf, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk-UA", cAlternateFileName="")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a693cf, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78a8f7b9, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78a8f7b9, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78a8f7b9, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78ab5a49, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78ab5a49, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x78ab5a49, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x78ab5a49, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x78ab5a49, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0092.914] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.914] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.914] GetFileAttributesExW (in: lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.914] CreateFileW (lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0092.915] GetProcAddress (hModule=0x765d0000, lpProcName="GetFileInformationByHandle") returned 0x765f6a60 [0092.915] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831c10 | out: lpFileInformation=0x12831c10) returned 1 [0092.915] GetProcAddress (hModule=0x765d0000, lpProcName="GetFileInformationByHandleEx") returned 0x76610ea0 [0092.915] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831c08, dwBufferSize=0x8 | out: lpFileInformation=0x12831c08) returned 1 [0092.915] CloseHandle (hObject=0x13c) returned 1 [0092.915] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128942c0*, nNumberOfCharsToWrite=0x1c, lpNumberOfCharsWritten=0x12831980, lpReserved=0x0 | out: lpBuffer=0x128942c0*, lpNumberOfCharsWritten=0x12831980*=0x1c) returned 1 [0092.969] GetFileAttributesExW (in: lpFileName="C:\\PerfLogs" (normalized: "c:\\perflogs"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbaec25, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xbaec25, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.969] CreateFileW (lpFileName="C:\\PerfLogs" (normalized: "c:\\perflogs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.969] FindFirstFileW (in: lpFileName="C:\\PerfLogs\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbaec25, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xbaec25, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.969] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbaec25, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xbaec25, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.969] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.969] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.969] GetFileAttributesExW (in: lpFileName="C:\\PerfLogs/read_me_unlock.txt" (normalized: "c:\\perflogs\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831bbc | out: lpFileInformation=0x12831bbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.970] CreateFileW (lpFileName="C:\\PerfLogs/read_me_unlock.txt" (normalized: "c:\\perflogs\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0092.970] CreateFileW (lpFileName="C:\\PerfLogs/read_me_unlock.txt" (normalized: "c:\\perflogs\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0092.970] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831dd4 | out: lpMode=0x12831dd4) returned 0 [0092.976] GetFileType (hFile=0x13c) returned 0x1 [0092.976] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831dc4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831dc4*=0x2b8, lpOverlapped=0x0) returned 1 [0092.977] CloseHandle (hObject=0x13c) returned 1 [0092.977] GetFileAttributesExW (in: lpFileName="C:\\Program Files" (normalized: "c:\\program files"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e463b82, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x6e463b82, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0092.977] CreateFileW (lpFileName="C:\\Program Files" (normalized: "c:\\program files"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.977] FindFirstFileW (in: lpFileName="C:\\Program Files\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e463b82, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x6e463b82, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6e463b82, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x6e463b82, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x535efac4, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x535efac4, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2f72013, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9701bb02, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x9701bb02, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x548071af, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x548071af, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b3095dc, ftCreationTime.dwHighDateTime=0x1d705ed, ftLastAccessTime.dwLowDateTime=0x54085547, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54085547, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office 15", cAlternateFileName="MICROS~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde5c2433, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0x5490143c, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5490143c, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde5c2433, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0x5490fdec, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5490fdec, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf22b9950, ftCreationTime.dwHighDateTime=0x1d70067, ftLastAccessTime.dwLowDateTime=0x54060b2a, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54060b2a, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uninstall Information", cAlternateFileName="UNINST~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x548e52a2, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x548e52a2, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6ebef3a1, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6ec3b857, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6ec3b857, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Journal", cAlternateFileName="WIA843~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5466e5b5, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5466e5b5, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~2")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc2132d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x54d8192c, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54d8192c, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WINDOW~3")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x548ea176, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x548ea176, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Multimedia Platform", cAlternateFileName="WINDOW~4")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5490affe, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5490affe, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WI67CB~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x548fdcd7, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x548fdcd7, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WI8A19~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x547f8761, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x547f8761, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xc47584, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xc47584, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x2224dfa5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2224dfa5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsApps", cAlternateFileName="WI7DB9~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc47584, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x549062cc, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x549062cc, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsPowerShell", cAlternateFileName="WID5B1~1")) returned 1 [0092.978] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.978] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.979] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)" (normalized: "c:\\program files (x86)"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1b83b055, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x1b83b055, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0092.979] CreateFileW (lpFileName="C:\\Program Files (x86)" (normalized: "c:\\program files (x86)"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.979] FindFirstFileW (in: lpFileName="C:\\Program Files (x86)\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1b83b055, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x1b83b055, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1b83b055, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x1b83b055, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x544fb731, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x544fb731, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Common Files", cAlternateFileName="COMMON~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x32b93ba, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97199283, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97199283, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5466e5b5, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5466e5b5, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1b83b055, ftCreationTime.dwHighDateTime=0x1d705ed, ftLastAccessTime.dwLowDateTime=0x54d853c7, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54d853c7, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Office", cAlternateFileName="MICROS~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x548f906d, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x548f906d, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde6b7421, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0x5465d4cb, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5465d4cb, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSBuild", cAlternateFileName="")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xde6dd69d, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0xde6dd69d, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xde6dd69d, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Reference Assemblies", cAlternateFileName="REFERE~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5466e5b5, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5466e5b5, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Defender", cAlternateFileName="WINDOW~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x54077e20, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54077e20, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~2")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5406a760, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5406a760, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WINDOW~3")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x545fba98, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x545fba98, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Multimedia Platform", cAlternateFileName="WINDOW~4")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5466e5b5, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5466e5b5, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows NT", cAlternateFileName="WI67CB~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x548f3d72, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x548f3d72, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Photo Viewer", cAlternateFileName="WI8A19~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc93a39, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x54d7cb24, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54d7cb24, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Portable Devices", cAlternateFileName="WIBFE5~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x54657305, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54657305, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WI4223~1")) returned 1 [0092.979] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x54800ffe, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x54800ffe, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsPowerShell", cAlternateFileName="WID5B1~1")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.980] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.980] GetFileAttributesExW (in: lpFileName="C:\\ProgramData" (normalized: "c:\\programdata"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x387f5bb4, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0x387f5bb4, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0092.980] CreateFileW (lpFileName="C:\\ProgramData" (normalized: "c:\\programdata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.980] FindFirstFileW (in: lpFileName="C:\\ProgramData\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x387f5bb4, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0x387f5bb4, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x387f5bb4, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0x387f5bb4, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xcb9c8f, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xcb9c8f, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Comms", cAlternateFileName="")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xcdfeea, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x1b54cf26, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x1b54cf26, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x87b95643, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x87b95643, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x87b95643, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft OneDrive", cAlternateFileName="MICROS~2")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x387f5bb4, ftCreationTime.dwHighDateTime=0x1d705cc, ftLastAccessTime.dwLowDateTime=0x6be8870b, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0x6be8870b, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0092.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6121cfc7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x6121cfc7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="regid.1991-06.com.microsoft", cAlternateFileName="REGID1~1.MIC")) returned 1 [0092.981] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd78854, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftwareDistribution", cAlternateFileName="SOFTWA~1")) returned 1 [0092.981] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0092.981] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0092.981] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd78854, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd78854, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd78854, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="USOPrivate", cAlternateFileName="USOPRI~1")) returned 1 [0092.981] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf97592c3, ftCreationTime.dwHighDateTime=0x1d70067, ftLastAccessTime.dwLowDateTime=0xf97592c3, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xf97592c3, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="USOShared", cAlternateFileName="USOSHA~1")) returned 1 [0092.981] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.981] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.993] GetFileAttributesExW (in: lpFileName="C:\\Recovery" (normalized: "c:\\recovery"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0xbadba904, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xbadba904, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.993] CreateFileW (lpFileName="C:\\Recovery" (normalized: "c:\\recovery"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.993] FindFirstFileW (in: lpFileName="C:\\Recovery\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0xbadba904, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xbadba904, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.993] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0xbadba904, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xbadba904, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.993] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x5feba6e9, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5feba6e9, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="WINDOW~1")) returned 1 [0092.993] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.993] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.993] GetFileAttributesExW (in: lpFileName="C:\\Recovery/read_me_unlock.txt" (normalized: "c:\\recovery\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831bbc | out: lpFileInformation=0x12831bbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.994] CreateFileW (lpFileName="C:\\Recovery/read_me_unlock.txt" (normalized: "c:\\recovery\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0092.994] CreateFileW (lpFileName="C:\\Recovery/read_me_unlock.txt" (normalized: "c:\\recovery\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0092.994] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831dd4 | out: lpMode=0x12831dd4) returned 0 [0092.994] GetFileType (hFile=0x13c) returned 0x1 [0092.994] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831dc4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831dc4*=0x2b8, lpOverlapped=0x0) returned 1 [0092.995] CloseHandle (hObject=0x13c) returned 1 [0092.995] GetFileAttributesExW (in: lpFileName="C:\\Recovery\\WindowsRE" (normalized: "c:\\recovery\\windowsre"), fInfoLevelId=0x0, lpFileInformation=0x12831c1c | out: lpFileInformation=0x12831c1c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x5feba6e9, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5feba6e9, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.996] CreateFileW (lpFileName="C:\\Recovery\\WindowsRE" (normalized: "c:\\recovery\\windowsre"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.996] FindFirstFileW (in: lpFileName="C:\\Recovery\\WindowsRE\\*", lpFindFileData=0x12831ad0 | out: lpFindFileData=0x12831ad0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x5feba6e9, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5feba6e9, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.996] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x5feba6e9, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5feba6e9, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xbaa998b0, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0xbaa998b0, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x136e0f4d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xbadba904, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x5feba6e9, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5feba6e9, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x415, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReAgent.xml", cAlternateFileName="")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xe1aeb488, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xe1aeb488, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0x1f0b6c28, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x11b68298, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.996] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.996] GetFileAttributesExW (in: lpFileName="C:\\System Volume Information" (normalized: "c:\\system volume information"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x85289733, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x2dbfc137, ftLastAccessTime.dwHighDateTime=0x1d70505, ftLastWriteTime.dwLowDateTime=0x2dbfc137, ftLastWriteTime.dwHighDateTime=0x1d70505, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0092.996] CreateFileW (lpFileName="C:\\System Volume Information" (normalized: "c:\\system volume information"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.996] FindFirstFileW (in: lpFileName="C:\\System Volume Information\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0092.996] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0092.997] CreateFileW (lpFileName="C:\\Users" (normalized: "c:\\users"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0092.997] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3757c8c, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x973af366, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x973af366, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 1 [0092.997] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.997] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0092.997] GetFileAttributesExW (in: lpFileName="C:\\Users/read_me_unlock.txt" (normalized: "c:\\users\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831bbc | out: lpFileInformation=0x12831bbc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.997] CreateFileW (lpFileName="C:\\Users/read_me_unlock.txt" (normalized: "c:\\users\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0092.997] CreateFileW (lpFileName="C:\\Users/read_me_unlock.txt" (normalized: "c:\\users\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.011] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831dd4 | out: lpMode=0x12831dd4) returned 0 [0093.011] GetFileType (hFile=0x13c) returned 0x1 [0093.012] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831dc4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831dc4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.012] CloseHandle (hObject=0x13c) returned 1 [0093.013] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users" (normalized: "c:\\users\\all users"), fInfoLevelId=0x0, lpFileInformation=0x12831c1c | out: lpFileInformation=0x12831c1c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.013] CreateFileW (lpFileName="C:\\Users\\All Users" (normalized: "c:\\users\\all users"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.013] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831ba8 | out: lpFileInformation=0x12831ba8) returned 1 [0093.013] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831ba0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ba0) returned 1 [0093.013] CloseHandle (hObject=0x13c) returned 1 [0093.013] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128909f0*, nNumberOfCharsToWrite=0x15, lpNumberOfCharsWritten=0x12831918, lpReserved=0x0 | out: lpBuffer=0x128909f0*, lpNumberOfCharsWritten=0x12831918*=0x15) returned 1 [0093.031] SetEvent (hEvent=0x10c) returned 1 [0093.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default" (normalized: "c:\\users\\default"), fInfoLevelId=0x0, lpFileInformation=0x12831c1c | out: lpFileInformation=0x12831c1c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.032] CreateFileW (lpFileName="C:\\Users\\Default" (normalized: "c:\\users\\default"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.032] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x12831ad0 | out: lpFindFileData=0x12831ad0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.066] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.067] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0093.067] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d54d8a8, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d54d8a8, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d54d8a8, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0093.067] VirtualAlloc (lpAddress=0x1291e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1291e000 [0093.067] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0093.067] VirtualAlloc (lpAddress=0x12920000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12920000 [0093.067] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0093.067] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0093.068] VirtualAlloc (lpAddress=0x12922000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12922000 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0093.068] VirtualAlloc (lpAddress=0x12924000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12924000 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x31bfa5a5, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xea64ab63, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xea64ab63, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0093.069] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0093.069] VirtualAlloc (lpAddress=0x12926000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12926000 [0093.069] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0093.069] VirtualAlloc (lpAddress=0x12928000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12928000 [0093.069] VirtualAlloc (lpAddress=0x1292a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1292a000 [0093.069] VirtualAlloc (lpAddress=0x1292c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1292c000 [0093.069] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d61ae52, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d61ae52, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0093.070] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.070] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.071] VirtualAlloc (lpAddress=0x1292e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1292e000 [0093.071] VirtualAlloc (lpAddress=0x12930000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12930000 [0093.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default/read_me_unlock.txt" (normalized: "c:\\users\\default\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831b54 | out: lpFileInformation=0x12831b54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.072] CreateFileW (lpFileName="C:\\Users\\Default/read_me_unlock.txt" (normalized: "c:\\users\\default\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.072] CreateFileW (lpFileName="C:\\Users\\Default/read_me_unlock.txt" (normalized: "c:\\users\\default\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.073] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d6c | out: lpMode=0x12831d6c) returned 0 [0093.073] GetFileType (hFile=0x13c) returned 0x1 [0093.073] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831d5c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831d5c*=0x2b8, lpOverlapped=0x0) returned 1 [0093.074] CloseHandle (hObject=0x13c) returned 1 [0093.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\AppData" (normalized: "c:\\users\\default\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.075] CreateFileW (lpFileName="C:\\Users\\Default\\AppData" (normalized: "c:\\users\\default\\appdata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.075] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.075] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.075] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0093.075] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0093.075] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.075] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.075] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Application Data" (normalized: "c:\\users\\default\\application data"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d54d8a8, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d54d8a8, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d54d8a8, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.076] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data" (normalized: "c:\\users\\default\\application data"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.076] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.076] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.076] CloseHandle (hObject=0x13c) returned 1 [0093.076] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129300f0*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x129300f0*, lpNumberOfCharsWritten=0x128318b0*=0x24) returned 1 [0093.079] SetEvent (hEvent=0x144) returned 1 [0093.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Cookies" (normalized: "c:\\users\\default\\cookies"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.079] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies" (normalized: "c:\\users\\default\\cookies"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.079] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.080] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.080] CloseHandle (hObject=0x13c) returned 1 [0093.080] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291e240*, nNumberOfCharsToWrite=0x1b, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291e240*, lpNumberOfCharsWritten=0x128318b0*=0x1b) returned 1 [0093.090] VirtualAlloc (lpAddress=0x12980000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12980000 [0093.091] VirtualAlloc (lpAddress=0x12982000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12982000 [0093.091] VirtualAlloc (lpAddress=0x12984000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12984000 [0093.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Desktop" (normalized: "c:\\users\\default\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.092] VirtualAlloc (lpAddress=0x12986000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12986000 [0093.092] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop" (normalized: "c:\\users\\default\\desktop"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.092] VirtualAlloc (lpAddress=0x12988000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12988000 [0093.092] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.092] VirtualAlloc (lpAddress=0x1298a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1298a000 [0093.093] VirtualAlloc (lpAddress=0x1298c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1298c000 [0093.093] VirtualAlloc (lpAddress=0x1298e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1298e000 [0093.093] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.093] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.093] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.094] VirtualAlloc (lpAddress=0x12990000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12990000 [0093.094] VirtualAlloc (lpAddress=0x12992000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12992000 [0093.094] VirtualAlloc (lpAddress=0x12994000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12994000 [0093.095] VirtualAlloc (lpAddress=0x12996000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12996000 [0093.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\default\\desktop\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.095] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\default\\desktop\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.095] VirtualAlloc (lpAddress=0x12998000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12998000 [0093.095] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\default\\desktop\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.096] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.096] GetFileType (hFile=0x13c) returned 0x1 [0093.096] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.097] CloseHandle (hObject=0x13c) returned 1 [0093.097] VirtualAlloc (lpAddress=0x1299a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1299a000 [0093.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents" (normalized: "c:\\users\\default\\documents"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.098] CreateFileW (lpFileName="C:\\Users\\Default\\Documents" (normalized: "c:\\users\\default\\documents"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.098] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.104] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.104] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0093.104] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0093.104] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0093.104] VirtualAlloc (lpAddress=0x1299c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1299c000 [0093.105] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.105] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.105] VirtualAlloc (lpAddress=0x1299e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1299e000 [0093.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\default\\documents\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.106] CreateFileW (lpFileName="C:\\Users\\Default\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\default\\documents\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.107] CreateFileW (lpFileName="C:\\Users\\Default\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\default\\documents\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.107] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.107] GetFileType (hFile=0x13c) returned 0x1 [0093.107] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.108] CloseHandle (hObject=0x13c) returned 1 [0093.109] VirtualAlloc (lpAddress=0x129a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129a0000 [0093.109] VirtualAlloc (lpAddress=0x129a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129a2000 [0093.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music" (normalized: "c:\\users\\default\\documents\\my music"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.115] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music" (normalized: "c:\\users\\default\\documents\\my music"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.115] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0093.116] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0093.116] CloseHandle (hObject=0x13c) returned 1 [0093.116] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a2050*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a2050*, lpNumberOfCharsWritten=0x12831848*=0x26) returned 1 [0093.126] SetEvent (hEvent=0x150) returned 1 [0093.126] VirtualAlloc (lpAddress=0x129a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129a4000 [0093.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures" (normalized: "c:\\users\\default\\documents\\my pictures"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.126] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures" (normalized: "c:\\users\\default\\documents\\my pictures"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.126] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0093.126] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0093.127] CloseHandle (hObject=0x13c) returned 1 [0093.127] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12996180*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12996180*, lpNumberOfCharsWritten=0x12831848*=0x29) returned 1 [0093.129] VirtualAlloc (lpAddress=0x128e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128e8000 [0093.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos" (normalized: "c:\\users\\default\\documents\\my videos"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.134] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos" (normalized: "c:\\users\\default\\documents\\my videos"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.135] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0093.135] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0093.135] CloseHandle (hObject=0x13c) returned 1 [0093.135] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128cc690*, nNumberOfCharsToWrite=0x27, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128cc690*, lpNumberOfCharsWritten=0x12831848*=0x27) returned 1 [0093.139] SetEvent (hEvent=0x10c) returned 1 [0093.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Downloads" (normalized: "c:\\users\\default\\downloads"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.149] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads" (normalized: "c:\\users\\default\\downloads"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.149] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.149] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.149] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.149] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\default\\downloads\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.150] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\default\\downloads\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.150] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\default\\downloads\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.152] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.152] GetFileType (hFile=0x13c) returned 0x1 [0093.153] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.154] CloseHandle (hObject=0x13c) returned 1 [0093.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites" (normalized: "c:\\users\\default\\favorites"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.154] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites" (normalized: "c:\\users\\default\\favorites"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.154] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.154] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.154] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.154] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Favorites/read_me_unlock.txt" (normalized: "c:\\users\\default\\favorites\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.154] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites/read_me_unlock.txt" (normalized: "c:\\users\\default\\favorites\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.155] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites/read_me_unlock.txt" (normalized: "c:\\users\\default\\favorites\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.155] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.155] GetFileType (hFile=0x13c) returned 0x1 [0093.155] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.156] CloseHandle (hObject=0x13c) returned 1 [0093.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Links" (normalized: "c:\\users\\default\\links"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.156] CreateFileW (lpFileName="C:\\Users\\Default\\Links" (normalized: "c:\\users\\default\\links"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.156] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.156] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.156] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.156] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Links/read_me_unlock.txt" (normalized: "c:\\users\\default\\links\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.156] CreateFileW (lpFileName="C:\\Users\\Default\\Links/read_me_unlock.txt" (normalized: "c:\\users\\default\\links\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.157] CreateFileW (lpFileName="C:\\Users\\Default\\Links/read_me_unlock.txt" (normalized: "c:\\users\\default\\links\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.157] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.157] GetFileType (hFile=0x13c) returned 0x1 [0093.157] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.158] CloseHandle (hObject=0x13c) returned 1 [0093.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Local Settings" (normalized: "c:\\users\\default\\local settings"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.158] CreateFileW (lpFileName="C:\\Users\\Default\\Local Settings" (normalized: "c:\\users\\default\\local settings"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.158] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.158] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.158] CloseHandle (hObject=0x13c) returned 1 [0093.158] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a2140*, nNumberOfCharsToWrite=0x22, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x129a2140*, lpNumberOfCharsWritten=0x128318b0*=0x22) returned 1 [0093.161] SetEvent (hEvent=0x150) returned 1 [0093.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Music" (normalized: "c:\\users\\default\\music"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.161] CreateFileW (lpFileName="C:\\Users\\Default\\Music" (normalized: "c:\\users\\default\\music"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.161] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.161] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.161] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.161] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Music/read_me_unlock.txt" (normalized: "c:\\users\\default\\music\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.161] CreateFileW (lpFileName="C:\\Users\\Default\\Music/read_me_unlock.txt" (normalized: "c:\\users\\default\\music\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.161] CreateFileW (lpFileName="C:\\Users\\Default\\Music/read_me_unlock.txt" (normalized: "c:\\users\\default\\music\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.162] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.162] GetFileType (hFile=0x13c) returned 0x1 [0093.162] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.164] CloseHandle (hObject=0x13c) returned 1 [0093.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\My Documents" (normalized: "c:\\users\\default\\my documents"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.164] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents" (normalized: "c:\\users\\default\\my documents"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.164] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.164] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.164] CloseHandle (hObject=0x13c) returned 1 [0093.164] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129843c0*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x129843c0*, lpNumberOfCharsWritten=0x128318b0*=0x20) returned 1 [0093.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x31bfa5a5, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xea64ab63, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xea64ab63, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0093.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x9000)) returned 1 [0093.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0093.172] VirtualAlloc (lpAddress=0x12934000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12934000 [0093.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{62e13464-7ee5-11e5-80c4-a4badb40df56}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0093.172] VirtualAlloc (lpAddress=0x12936000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12936000 [0093.173] VirtualAlloc (lpAddress=0x12938000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12938000 [0093.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{62e13464-7ee5-11e5-80c4-a4badb40df56}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0093.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{62e13464-7ee5-11e5-80c4-a4badb40df56}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d61ae52, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d61ae52, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0093.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NetHood" (normalized: "c:\\users\\default\\nethood"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.174] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood" (normalized: "c:\\users\\default\\nethood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.174] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.174] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.174] CloseHandle (hObject=0x13c) returned 1 [0093.174] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291e440*, nNumberOfCharsToWrite=0x1b, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291e440*, lpNumberOfCharsWritten=0x128318b0*=0x1b) returned 1 [0093.176] SetEvent (hEvent=0x10c) returned 1 [0093.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Pictures" (normalized: "c:\\users\\default\\pictures"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.176] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures" (normalized: "c:\\users\\default\\pictures"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.176] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.176] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.176] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.176] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.176] VirtualAlloc (lpAddress=0x1293a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1293a000 [0093.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\default\\pictures\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.177] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\default\\pictures\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.177] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\default\\pictures\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.177] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.177] GetFileType (hFile=0x13c) returned 0x1 [0093.177] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.178] CloseHandle (hObject=0x13c) returned 1 [0093.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\PrintHood" (normalized: "c:\\users\\default\\printhood"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.182] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood" (normalized: "c:\\users\\default\\printhood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.182] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.182] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.182] CloseHandle (hObject=0x13c) returned 1 [0093.182] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291e580*, nNumberOfCharsToWrite=0x1d, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291e580*, lpNumberOfCharsWritten=0x128318b0*=0x1d) returned 1 [0093.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Recent" (normalized: "c:\\users\\default\\recent"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.187] CreateFileW (lpFileName="C:\\Users\\Default\\Recent" (normalized: "c:\\users\\default\\recent"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.187] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.187] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.188] CloseHandle (hObject=0x13c) returned 1 [0093.188] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291e5c0*, nNumberOfCharsToWrite=0x1a, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291e5c0*, lpNumberOfCharsWritten=0x128318b0*=0x1a) returned 1 [0093.203] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Saved Games" (normalized: "c:\\users\\default\\saved games"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.203] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games" (normalized: "c:\\users\\default\\saved games"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.204] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.204] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.204] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.204] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Saved Games/read_me_unlock.txt" (normalized: "c:\\users\\default\\saved games\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.204] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games/read_me_unlock.txt" (normalized: "c:\\users\\default\\saved games\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.204] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games/read_me_unlock.txt" (normalized: "c:\\users\\default\\saved games\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.204] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.204] GetFileType (hFile=0x13c) returned 0x1 [0093.205] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.206] CloseHandle (hObject=0x13c) returned 1 [0093.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\SendTo" (normalized: "c:\\users\\default\\sendto"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.206] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo" (normalized: "c:\\users\\default\\sendto"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.206] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.206] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.206] CloseHandle (hObject=0x13c) returned 1 [0093.206] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291e6c0*, nNumberOfCharsToWrite=0x1a, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291e6c0*, lpNumberOfCharsWritten=0x128318b0*=0x1a) returned 1 [0093.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Start Menu" (normalized: "c:\\users\\default\\start menu"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.214] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu" (normalized: "c:\\users\\default\\start menu"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.214] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.214] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.214] CloseHandle (hObject=0x13c) returned 1 [0093.214] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291e740*, nNumberOfCharsToWrite=0x1e, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291e740*, lpNumberOfCharsWritten=0x128318b0*=0x1e) returned 1 [0093.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Templates" (normalized: "c:\\users\\default\\templates"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.217] CreateFileW (lpFileName="C:\\Users\\Default\\Templates" (normalized: "c:\\users\\default\\templates"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.218] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.218] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.218] CloseHandle (hObject=0x13c) returned 1 [0093.218] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291e7c0*, nNumberOfCharsToWrite=0x1d, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291e7c0*, lpNumberOfCharsWritten=0x128318b0*=0x1d) returned 1 [0093.220] VirtualAlloc (lpAddress=0x1293c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x1293c000 [0093.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Videos" (normalized: "c:\\users\\default\\videos"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.221] CreateFileW (lpFileName="C:\\Users\\Default\\Videos" (normalized: "c:\\users\\default\\videos"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.221] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.221] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.221] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.221] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.221] VirtualAlloc (lpAddress=0x12944000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12944000 [0093.221] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\default\\videos\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.221] CreateFileW (lpFileName="C:\\Users\\Default\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\default\\videos\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.222] CreateFileW (lpFileName="C:\\Users\\Default\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\default\\videos\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.222] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.222] GetFileType (hFile=0x13c) returned 0x1 [0093.222] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.223] CloseHandle (hObject=0x13c) returned 1 [0093.223] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default User" (normalized: "c:\\users\\default user"), fInfoLevelId=0x0, lpFileInformation=0x12831c1c | out: lpFileInformation=0x12831c1c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.223] CreateFileW (lpFileName="C:\\Users\\Default User" (normalized: "c:\\users\\default user"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.223] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831ba8 | out: lpFileInformation=0x12831ba8) returned 1 [0093.223] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831ba0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ba0) returned 1 [0093.223] CloseHandle (hObject=0x13c) returned 1 [0093.224] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291a960*, nNumberOfCharsToWrite=0x18, lpNumberOfCharsWritten=0x12831918, lpReserved=0x0 | out: lpBuffer=0x1291a960*, lpNumberOfCharsWritten=0x12831918*=0x18) returned 1 [0093.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public" (normalized: "c:\\users\\public"), fInfoLevelId=0x0, lpFileInformation=0x12831c1c | out: lpFileInformation=0x12831c1c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0093.226] CreateFileW (lpFileName="C:\\Users\\Public" (normalized: "c:\\users\\public"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.226] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x12831ad0 | out: lpFindFileData=0x12831ad0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.228] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.228] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccountPictures", cAlternateFileName="ACCOUN~1")) returned 1 [0093.228] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x37f05f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x37f05f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0093.228] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x37f05f6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.228] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d5bfea2, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d5bfea2, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0093.228] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0093.229] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0093.229] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0093.229] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0093.229] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0093.229] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.229] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.229] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public/read_me_unlock.txt" (normalized: "c:\\users\\public\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831b54 | out: lpFileInformation=0x12831b54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.229] CreateFileW (lpFileName="C:\\Users\\Public/read_me_unlock.txt" (normalized: "c:\\users\\public\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.229] CreateFileW (lpFileName="C:\\Users\\Public/read_me_unlock.txt" (normalized: "c:\\users\\public\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.230] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d6c | out: lpMode=0x12831d6c) returned 0 [0093.230] GetFileType (hFile=0x13c) returned 0x1 [0093.230] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831d5c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831d5c*=0x2b8, lpOverlapped=0x0) returned 1 [0093.230] CloseHandle (hObject=0x13c) returned 1 [0093.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\AccountPictures" (normalized: "c:\\users\\public\\accountpictures"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.231] CreateFileW (lpFileName="C:\\Users\\Public\\AccountPictures" (normalized: "c:\\users\\public\\accountpictures"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.231] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\AccountPictures\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.231] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.231] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.231] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.231] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.231] VirtualAlloc (lpAddress=0x12946000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12946000 [0093.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\AccountPictures/read_me_unlock.txt" (normalized: "c:\\users\\public\\accountpictures\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.232] CreateFileW (lpFileName="C:\\Users\\Public\\AccountPictures/read_me_unlock.txt" (normalized: "c:\\users\\public\\accountpictures\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.232] CreateFileW (lpFileName="C:\\Users\\Public\\AccountPictures/read_me_unlock.txt" (normalized: "c:\\users\\public\\accountpictures\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.232] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.232] GetFileType (hFile=0x13c) returned 0x1 [0093.232] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.233] CloseHandle (hObject=0x13c) returned 1 [0093.233] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\AccountPictures\\desktop.ini" (normalized: "c:\\users\\public\\accountpictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xc4)) returned 1 [0093.233] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop" (normalized: "c:\\users\\public\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x37f05f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x37f05f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.233] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop" (normalized: "c:\\users\\public\\desktop"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.233] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x37f05f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x37f05f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.233] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x37f05f6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x37f05f6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.234] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x37f05f6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.234] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.234] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.234] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\public\\desktop\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.234] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\public\\desktop\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.234] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\public\\desktop\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.238] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.238] GetFileType (hFile=0x13c) returned 0x1 [0093.238] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.239] CloseHandle (hObject=0x13c) returned 1 [0093.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x37f05f6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0093.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents" (normalized: "c:\\users\\public\\documents"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d5bfea2, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d5bfea2, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.241] CreateFileW (lpFileName="C:\\Users\\Public\\Documents" (normalized: "c:\\users\\public\\documents"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.241] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d5bfea2, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d5bfea2, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.273] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d5bfea2, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d5bfea2, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.273] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x37f05f6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.273] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0093.273] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0093.273] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d5bfea2, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d5bfea2, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d5bfea2, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0093.273] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.273] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\public\\documents\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.275] CreateFileW (lpFileName="C:\\Users\\Public\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\public\\documents\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.275] CreateFileW (lpFileName="C:\\Users\\Public\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\public\\documents\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x13c [0093.275] GetConsoleMode (in: hConsoleHandle=0x13c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.275] GetFileType (hFile=0x13c) returned 0x1 [0093.275] WriteFile (in: hFile=0x13c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.277] CloseHandle (hObject=0x13c) returned 1 [0093.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music" (normalized: "c:\\users\\public\\documents\\my music"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.277] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music" (normalized: "c:\\users\\public\\documents\\my music"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x13c [0093.277] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0093.277] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0093.277] CloseHandle (hObject=0x13c) returned 1 [0093.277] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129305a0*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129305a0*, lpNumberOfCharsWritten=0x12831848*=0x25) returned 1 [0093.280] SetEvent (hEvent=0x10c) returned 1 [0093.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures" (normalized: "c:\\users\\public\\documents\\my pictures"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.280] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures" (normalized: "c:\\users\\public\\documents\\my pictures"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x15c [0093.280] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0093.281] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0093.281] CloseHandle (hObject=0x15c) returned 1 [0093.281] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12930640*, nNumberOfCharsToWrite=0x28, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12930640*, lpNumberOfCharsWritten=0x12831848*=0x28) returned 1 [0093.315] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos" (normalized: "c:\\users\\public\\documents\\my videos"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d5bfea2, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d5bfea2, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d5bfea2, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.315] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos" (normalized: "c:\\users\\public\\documents\\my videos"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x15c [0093.315] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0093.315] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0093.315] CloseHandle (hObject=0x15c) returned 1 [0093.315] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128cc780*, nNumberOfCharsToWrite=0x26, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128cc780*, lpNumberOfCharsWritten=0x12831848*=0x26) returned 1 [0093.360] SetEvent (hEvent=0x144) returned 1 [0093.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x37f05f6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x116)) returned 1 [0093.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Downloads" (normalized: "c:\\users\\public\\downloads"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.361] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads" (normalized: "c:\\users\\public\\downloads"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.361] VirtualAlloc (lpAddress=0x128ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128ea000 [0093.361] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.361] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.361] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.361] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.361] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.362] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\public\\downloads\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.362] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\public\\downloads\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.362] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\public\\downloads\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.362] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.362] GetFileType (hFile=0x15c) returned 0x1 [0093.362] WriteFile (in: hFile=0x15c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.363] CloseHandle (hObject=0x15c) returned 1 [0093.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0093.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries" (normalized: "c:\\users\\public\\libraries"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.373] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries" (normalized: "c:\\users\\public\\libraries"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.373] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.374] VirtualAlloc (lpAddress=0x12866000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12866000 [0093.374] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.374] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.374] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0093.374] VirtualAlloc (lpAddress=0x12868000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12868000 [0093.374] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.374] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.374] VirtualAlloc (lpAddress=0x1286a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1286a000 [0093.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries/read_me_unlock.txt" (normalized: "c:\\users\\public\\libraries\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.375] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries/read_me_unlock.txt" (normalized: "c:\\users\\public\\libraries\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.375] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries/read_me_unlock.txt" (normalized: "c:\\users\\public\\libraries\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.398] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.398] GetFileType (hFile=0x15c) returned 0x1 [0093.398] WriteFile (in: hFile=0x15c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.399] CloseHandle (hObject=0x15c) returned 1 [0093.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e7)) returned 1 [0093.402] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128140e0*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128140e0*, lpNumberOfCharsWritten=0x12831848*=0x34) returned 1 [0093.407] SetEvent (hEvent=0x10c) returned 1 [0093.407] VirtualAlloc (lpAddress=0x1286c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1286c000 [0093.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xaf)) returned 1 [0093.408] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music" (normalized: "c:\\users\\public\\music"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.408] CreateFileW (lpFileName="C:\\Users\\Public\\Music" (normalized: "c:\\users\\public\\music"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.408] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.408] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.408] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.408] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.408] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.408] VirtualAlloc (lpAddress=0x1286e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1286e000 [0093.409] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music/read_me_unlock.txt" (normalized: "c:\\users\\public\\music\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.409] CreateFileW (lpFileName="C:\\Users\\Public\\Music/read_me_unlock.txt" (normalized: "c:\\users\\public\\music\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.409] CreateFileW (lpFileName="C:\\Users\\Public\\Music/read_me_unlock.txt" (normalized: "c:\\users\\public\\music\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.409] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.409] GetFileType (hFile=0x15c) returned 0x1 [0093.409] WriteFile (in: hFile=0x15c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.410] CloseHandle (hObject=0x15c) returned 1 [0093.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0093.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures" (normalized: "c:\\users\\public\\pictures"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.410] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures" (normalized: "c:\\users\\public\\pictures"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.411] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.411] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.411] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.411] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.411] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\public\\pictures\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.411] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\public\\pictures\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.411] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\public\\pictures\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.411] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.411] GetFileType (hFile=0x15c) returned 0x1 [0093.412] WriteFile (in: hFile=0x15c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.412] CloseHandle (hObject=0x15c) returned 1 [0093.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0093.416] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos" (normalized: "c:\\users\\public\\videos"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.417] CreateFileW (lpFileName="C:\\Users\\Public\\Videos" (normalized: "c:\\users\\public\\videos"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.417] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.417] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3816851, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3816851, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.417] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.417] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.417] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\public\\videos\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.417] CreateFileW (lpFileName="C:\\Users\\Public\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\public\\videos\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.417] CreateFileW (lpFileName="C:\\Users\\Public\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\public\\videos\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0093.417] GetConsoleMode (in: hConsoleHandle=0x160, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.417] GetFileType (hFile=0x160) returned 0x1 [0093.417] WriteFile (in: hFile=0x160, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.420] CloseHandle (hObject=0x160) returned 1 [0093.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x17c)) returned 1 [0093.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x37f05f6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0093.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), fInfoLevelId=0x0, lpFileInformation=0x12831c1c | out: lpFileInformation=0x12831c1c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0093.421] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.421] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\*", lpFindFileData=0x12831ad0 | out: lpFindFileData=0x12831ad0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.421] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.421] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0093.421] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0093.421] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0093.421] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0093.421] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd58b4c8b, ftLastAccessTime.dwHighDateTime=0x1d74617, ftLastWriteTime.dwLowDateTime=0xd58b4c8b, ftLastWriteTime.dwHighDateTime=0x1d74617, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x535c2836, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x535c2836, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0093.422] VirtualAlloc (lpAddress=0x12870000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12870000 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5222bee6, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5222bee6, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3ce3dbd0, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x91bfd716, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x91bfd716, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x180000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x76000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0093.422] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x63434853, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0093.422] VirtualAlloc (lpAddress=0x12872000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12872000 [0093.422] VirtualAlloc (lpAddress=0x12874000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12874000 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0093.423] VirtualAlloc (lpAddress=0x12876000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12876000 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x523e6e90, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x523e6e90, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5259a10e, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5259a10e, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831acc | out: lpFindFileData=0x12831acc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.424] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831b54 | out: lpFileInformation=0x12831b54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.424] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.424] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0093.424] GetConsoleMode (in: hConsoleHandle=0x160, lpMode=0x12831d6c | out: lpMode=0x12831d6c) returned 0 [0093.424] GetFileType (hFile=0x160) returned 0x1 [0093.424] WriteFile (in: hFile=0x160, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831d5c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831d5c*=0x2b8, lpOverlapped=0x0) returned 1 [0093.425] CloseHandle (hObject=0x160) returned 1 [0093.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.426] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.426] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4252734, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x4252734, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0093.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4f14c05a, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4f14c05a, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0093.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x53baf8c9, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x53baf8c9, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0093.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.426] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data" (normalized: "c:\\users\\rdhj0cnfevzx\\application data"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.488] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data" (normalized: "c:\\users\\rdhj0cnfevzx\\application data"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x15c [0093.488] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.488] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.488] CloseHandle (hObject=0x15c) returned 1 [0093.488] VirtualAlloc (lpAddress=0x1295c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1295c000 [0093.489] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292a6c0*, nNumberOfCharsToWrite=0x29, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1292a6c0*, lpNumberOfCharsWritten=0x128318b0*=0x29) returned 1 [0093.490] SetEvent (hEvent=0x10c) returned 1 [0093.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.491] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.491] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.491] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.491] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.491] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.491] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.491] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.491] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.492] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.492] GetFileType (hFile=0x15c) returned 0x1 [0093.492] WriteFile (in: hFile=0x15c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.492] CloseHandle (hObject=0x15c) returned 1 [0093.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0093.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.496] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x15c [0093.496] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0093.496] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0093.496] CloseHandle (hObject=0x15c) returned 1 [0093.496] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291ee00*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291ee00*, lpNumberOfCharsWritten=0x128318b0*=0x20) returned 1 [0093.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd58b4c8b, ftLastAccessTime.dwHighDateTime=0x1d74617, ftLastWriteTime.dwLowDateTime=0xd58b4c8b, ftLastWriteTime.dwHighDateTime=0x1d74617, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0093.525] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0093.525] VirtualAlloc (lpAddress=0x1295e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1295e000 [0093.526] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd58b4c8b, ftLastAccessTime.dwHighDateTime=0x1d74617, ftLastWriteTime.dwLowDateTime=0xd58b4c8b, ftLastWriteTime.dwHighDateTime=0x1d74617, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.526] VirtualAlloc (lpAddress=0x12960000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12960000 [0093.526] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd58b4c8b, ftLastAccessTime.dwHighDateTime=0x1d74617, ftLastWriteTime.dwLowDateTime=0xd58b4c8b, ftLastWriteTime.dwHighDateTime=0x1d74617, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.526] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58f3a570, ftCreationTime.dwHighDateTime=0x1d709a7, ftLastAccessTime.dwLowDateTime=0x9b013180, ftLastAccessTime.dwHighDateTime=0x1d709bb, ftLastWriteTime.dwLowDateTime=0x9b013180, ftLastWriteTime.dwHighDateTime=0x1d709bb, nFileSizeHigh=0x0, nFileSizeLow=0x2677, dwReserved0=0x0, dwReserved1=0x0, cFileName="1Km6TnsAdDf-JeC.jpg", cAlternateFileName="1KM6TN~1.JPG")) returned 1 [0093.526] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a9c26b0, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0xd5a311c0, ftLastAccessTime.dwHighDateTime=0x1d70a59, ftLastWriteTime.dwLowDateTime=0xd5a311c0, ftLastWriteTime.dwHighDateTime=0x1d70a59, nFileSizeHigh=0x0, nFileSizeLow=0xce4, dwReserved0=0x0, dwReserved1=0x0, cFileName="1mnoByBkAMXa.png", cAlternateFileName="1MNOBY~1.PNG")) returned 1 [0093.526] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53e9fe40, ftCreationTime.dwHighDateTime=0x1d6fc77, ftLastAccessTime.dwLowDateTime=0x57cd0760, ftLastAccessTime.dwHighDateTime=0x1d70905, ftLastWriteTime.dwLowDateTime=0x57cd0760, ftLastWriteTime.dwHighDateTime=0x1d70905, nFileSizeHigh=0x0, nFileSizeLow=0x1581c, dwReserved0=0x0, dwReserved1=0x0, cFileName="66BvrGNc-jk.wav", cAlternateFileName="66BVRG~1.WAV")) returned 1 [0093.526] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79708280, ftCreationTime.dwHighDateTime=0x1d70a35, ftLastAccessTime.dwLowDateTime=0xf61c4f50, ftLastAccessTime.dwHighDateTime=0x1d70a79, ftLastWriteTime.dwLowDateTime=0xf61c4f50, ftLastWriteTime.dwHighDateTime=0x1d70a79, nFileSizeHigh=0x0, nFileSizeLow=0x12ddf, dwReserved0=0x0, dwReserved1=0x0, cFileName="a95sccTOOgBT.ods", cAlternateFileName="A95SCC~1.ODS")) returned 1 [0093.526] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf57950, ftCreationTime.dwHighDateTime=0x1d70a7e, ftLastAccessTime.dwLowDateTime=0xadc8e420, ftLastAccessTime.dwHighDateTime=0x1d70a7e, ftLastWriteTime.dwLowDateTime=0xadc8e420, ftLastWriteTime.dwHighDateTime=0x1d70a7e, nFileSizeHigh=0x0, nFileSizeLow=0xf5a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cm6l_YapJvSAE.swf", cAlternateFileName="CM6L_Y~1.SWF")) returned 1 [0093.526] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d0642d0, ftCreationTime.dwHighDateTime=0x1d7082d, ftLastAccessTime.dwLowDateTime=0x387dd230, ftLastAccessTime.dwHighDateTime=0x1d709a6, ftLastWriteTime.dwLowDateTime=0x387dd230, ftLastWriteTime.dwHighDateTime=0x1d709a6, nFileSizeHigh=0x0, nFileSizeLow=0x797e, dwReserved0=0x0, dwReserved1=0x0, cFileName="dE-y9CgieV 4gFU.mp4", cAlternateFileName="DE-Y9C~1.MP4")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d9064f0, ftCreationTime.dwHighDateTime=0x1d6ff54, ftLastAccessTime.dwLowDateTime=0x247582e0, ftLastAccessTime.dwHighDateTime=0x1d70188, ftLastWriteTime.dwLowDateTime=0x247582e0, ftLastWriteTime.dwHighDateTime=0x1d70188, nFileSizeHigh=0x0, nFileSizeLow=0x23a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="HDIuMzsJvMzE8c5R.png", cAlternateFileName="HDIUMZ~1.PNG")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6600d2b0, ftCreationTime.dwHighDateTime=0x1d70425, ftLastAccessTime.dwLowDateTime=0xb9eb8b60, ftLastAccessTime.dwHighDateTime=0x1d7069e, ftLastWriteTime.dwLowDateTime=0xb9eb8b60, ftLastWriteTime.dwHighDateTime=0x1d7069e, nFileSizeHigh=0x0, nFileSizeLow=0x4a74, dwReserved0=0x0, dwReserved1=0x0, cFileName="irbhWMK5C3JR.bmp", cAlternateFileName="IRBHWM~1.BMP")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ed34410, ftCreationTime.dwHighDateTime=0x1d70813, ftLastAccessTime.dwLowDateTime=0x633b6520, ftLastAccessTime.dwHighDateTime=0x1d7098b, ftLastWriteTime.dwLowDateTime=0x633b6520, ftLastWriteTime.dwHighDateTime=0x1d7098b, nFileSizeHigh=0x0, nFileSizeLow=0x1724, dwReserved0=0x0, dwReserved1=0x0, cFileName="IVKiwu3f0ndhBaWgQn.m4a", cAlternateFileName="IVKIWU~1.M4A")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2cbe40f0, ftCreationTime.dwHighDateTime=0x1d7003d, ftLastAccessTime.dwLowDateTime=0xd1039530, ftLastAccessTime.dwHighDateTime=0x1d70357, ftLastWriteTime.dwLowDateTime=0xd1039530, ftLastWriteTime.dwHighDateTime=0x1d70357, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jJFhRvXx0-HQg", cAlternateFileName="JJFHRV~1")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed4e49a0, ftCreationTime.dwHighDateTime=0x1d7038a, ftLastAccessTime.dwLowDateTime=0x40ceab10, ftLastAccessTime.dwHighDateTime=0x1d706f1, ftLastWriteTime.dwLowDateTime=0x40ceab10, ftLastWriteTime.dwHighDateTime=0x1d706f1, nFileSizeHigh=0x0, nFileSizeLow=0xb050, dwReserved0=0x0, dwReserved1=0x0, cFileName="KWcSlr8.m4a", cAlternateFileName="")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fc61c0, ftCreationTime.dwHighDateTime=0x1d708c4, ftLastAccessTime.dwLowDateTime=0xfc398a50, ftLastAccessTime.dwHighDateTime=0x1d709bc, ftLastWriteTime.dwLowDateTime=0xfc398a50, ftLastWriteTime.dwHighDateTime=0x1d709bc, nFileSizeHigh=0x0, nFileSizeLow=0x83df, dwReserved0=0x0, dwReserved1=0x0, cFileName="lL0dIZF59JV6cM.wav", cAlternateFileName="LL0DIZ~1.WAV")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cf82a40, ftCreationTime.dwHighDateTime=0x1d70722, ftLastAccessTime.dwLowDateTime=0xbb7c5510, ftLastAccessTime.dwHighDateTime=0x1d70881, ftLastWriteTime.dwLowDateTime=0xbb7c5510, ftLastWriteTime.dwHighDateTime=0x1d70881, nFileSizeHigh=0x0, nFileSizeLow=0x1574d, dwReserved0=0x0, dwReserved1=0x0, cFileName="lOzyAQY7oI.bmp", cAlternateFileName="LOZYAQ~1.BMP")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0ada80, ftCreationTime.dwHighDateTime=0x1d709dc, ftLastAccessTime.dwLowDateTime=0x3a8bdb50, ftLastAccessTime.dwHighDateTime=0x1d70a4e, ftLastWriteTime.dwLowDateTime=0x3a8bdb50, ftLastWriteTime.dwHighDateTime=0x1d70a4e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lsmenFxq-3ao", cAlternateFileName="LSMENF~1")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f142b70, ftCreationTime.dwHighDateTime=0x1d704e3, ftLastAccessTime.dwLowDateTime=0xecd0f1e0, ftLastAccessTime.dwHighDateTime=0x1d70730, ftLastWriteTime.dwLowDateTime=0xecd0f1e0, ftLastWriteTime.dwHighDateTime=0x1d70730, nFileSizeHigh=0x0, nFileSizeLow=0x5449, dwReserved0=0x0, dwReserved1=0x0, cFileName="LxtgF.png", cAlternateFileName="")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x250bb70, ftCreationTime.dwHighDateTime=0x1d6fbc6, ftLastAccessTime.dwLowDateTime=0x6f8a2b60, ftLastAccessTime.dwHighDateTime=0x1d6feda, ftLastWriteTime.dwLowDateTime=0x6f8a2b60, ftLastWriteTime.dwHighDateTime=0x1d6feda, nFileSizeHigh=0x0, nFileSizeLow=0x91fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="lXxjNJbLBvyc-mw.mp3", cAlternateFileName="LXXJNJ~1.MP3")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eaf4f00, ftCreationTime.dwHighDateTime=0x1d7055a, ftLastAccessTime.dwLowDateTime=0xc51c7070, ftLastAccessTime.dwHighDateTime=0x1d705af, ftLastWriteTime.dwLowDateTime=0xc51c7070, ftLastWriteTime.dwHighDateTime=0x1d705af, nFileSizeHigh=0x0, nFileSizeLow=0xcc40, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLFJsoANMGkL6.png", cAlternateFileName="MLFJSO~1.PNG")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67dd1a10, ftCreationTime.dwHighDateTime=0x1d704a4, ftLastAccessTime.dwLowDateTime=0xffd0e810, ftLastAccessTime.dwHighDateTime=0x1d7099f, ftLastWriteTime.dwLowDateTime=0xffd0e810, ftLastWriteTime.dwHighDateTime=0x1d7099f, nFileSizeHigh=0x0, nFileSizeLow=0xdd34, dwReserved0=0x0, dwReserved1=0x0, cFileName="mWSShGr5fOi zdg0.csv", cAlternateFileName="MWSSHG~1.CSV")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2fc0680, ftCreationTime.dwHighDateTime=0x1d70047, ftLastAccessTime.dwLowDateTime=0xc837ce20, ftLastAccessTime.dwHighDateTime=0x1d70a79, ftLastWriteTime.dwLowDateTime=0xc837ce20, ftLastWriteTime.dwHighDateTime=0x1d70a79, nFileSizeHigh=0x0, nFileSizeLow=0x13689, dwReserved0=0x0, dwReserved1=0x0, cFileName="n0_FeAoVLpX4idGJgs.wav", cAlternateFileName="N0_FEA~1.WAV")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe876fc20, ftCreationTime.dwHighDateTime=0x1d701d6, ftLastAccessTime.dwLowDateTime=0x76183440, ftLastAccessTime.dwHighDateTime=0x1d703e9, ftLastWriteTime.dwLowDateTime=0x76183440, ftLastWriteTime.dwHighDateTime=0x1d703e9, nFileSizeHigh=0x0, nFileSizeLow=0x4700, dwReserved0=0x0, dwReserved1=0x0, cFileName="NbdjCTHjUzBe.jpg", cAlternateFileName="NBDJCT~1.JPG")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e4c5960, ftCreationTime.dwHighDateTime=0x1d6fa0d, ftLastAccessTime.dwLowDateTime=0x459ce5a0, ftLastAccessTime.dwHighDateTime=0x1d6fdd5, ftLastWriteTime.dwLowDateTime=0x459ce5a0, ftLastWriteTime.dwHighDateTime=0x1d6fdd5, nFileSizeHigh=0x0, nFileSizeLow=0xf057, dwReserved0=0x0, dwReserved1=0x0, cFileName="npFe-2XahFj.swf", cAlternateFileName="NPFE-2~1.SWF")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68e09360, ftCreationTime.dwHighDateTime=0x1d7030f, ftLastAccessTime.dwLowDateTime=0xa97771a0, ftLastAccessTime.dwHighDateTime=0x1d7061b, ftLastWriteTime.dwLowDateTime=0xa97771a0, ftLastWriteTime.dwHighDateTime=0x1d7061b, nFileSizeHigh=0x0, nFileSizeLow=0x82d, dwReserved0=0x0, dwReserved1=0x0, cFileName="nRv9Wkb9.mp3", cAlternateFileName="")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee2dde70, ftCreationTime.dwHighDateTime=0x1d7027d, ftLastAccessTime.dwLowDateTime=0x327db80, ftLastAccessTime.dwHighDateTime=0x1d70690, ftLastWriteTime.dwLowDateTime=0x327db80, ftLastWriteTime.dwHighDateTime=0x1d70690, nFileSizeHigh=0x0, nFileSizeLow=0x22a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="oCYK45iLz.m4a", cAlternateFileName="OCYK45~1.M4A")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf64e85f0, ftCreationTime.dwHighDateTime=0x1d70994, ftLastAccessTime.dwLowDateTime=0xfbaf8cd0, ftLastAccessTime.dwHighDateTime=0x1d70a4b, ftLastWriteTime.dwLowDateTime=0xfbaf8cd0, ftLastWriteTime.dwHighDateTime=0x1d70a4b, nFileSizeHigh=0x0, nFileSizeLow=0xc4da, dwReserved0=0x0, dwReserved1=0x0, cFileName="OKumVv-WW9xG3 X7.wav", cAlternateFileName="OKUMVV~1.WAV")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48137930, ftCreationTime.dwHighDateTime=0x1d70a31, ftLastAccessTime.dwLowDateTime=0x180365a0, ftLastAccessTime.dwHighDateTime=0x1d70a56, ftLastWriteTime.dwLowDateTime=0x180365a0, ftLastWriteTime.dwHighDateTime=0x1d70a56, nFileSizeHigh=0x0, nFileSizeLow=0xf910, dwReserved0=0x0, dwReserved1=0x0, cFileName="om7geSAayM_.swf", cAlternateFileName="OM7GES~1.SWF")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48fae460, ftCreationTime.dwHighDateTime=0x1d7063e, ftLastAccessTime.dwLowDateTime=0xb38f4b90, ftLastAccessTime.dwHighDateTime=0x1d709cc, ftLastWriteTime.dwLowDateTime=0xb38f4b90, ftLastWriteTime.dwHighDateTime=0x1d709cc, nFileSizeHigh=0x0, nFileSizeLow=0x9ef4, dwReserved0=0x0, dwReserved1=0x0, cFileName="qb_CobqM-NNuxFtHqK.mp3", cAlternateFileName="QB_COB~1.MP3")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0d8e650, ftCreationTime.dwHighDateTime=0x1d709c0, ftLastAccessTime.dwLowDateTime=0xb82c4e80, ftLastAccessTime.dwHighDateTime=0x1d70a28, ftLastWriteTime.dwLowDateTime=0xb82c4e80, ftLastWriteTime.dwHighDateTime=0x1d70a28, nFileSizeHigh=0x0, nFileSizeLow=0x168cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="qV2oI ZBBRMAHt8w.mkv", cAlternateFileName="QV2OIZ~1.MKV")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f29dd70, ftCreationTime.dwHighDateTime=0x1d6fb1f, ftLastAccessTime.dwLowDateTime=0x8f323f60, ftLastAccessTime.dwHighDateTime=0x1d70462, ftLastWriteTime.dwLowDateTime=0x8f323f60, ftLastWriteTime.dwHighDateTime=0x1d70462, nFileSizeHigh=0x0, nFileSizeLow=0x4fb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Qvi-dS4n9MsyIpDvRf.swf", cAlternateFileName="QVI-DS~1.SWF")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x142c29a0, ftCreationTime.dwHighDateTime=0x1d6fbd6, ftLastAccessTime.dwLowDateTime=0x2a757690, ftLastAccessTime.dwHighDateTime=0x1d701f7, ftLastWriteTime.dwLowDateTime=0x2a757690, ftLastWriteTime.dwHighDateTime=0x1d701f7, nFileSizeHigh=0x0, nFileSizeLow=0x992f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SnvV951PWU.png", cAlternateFileName="SNVV95~1.PNG")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad83b100, ftCreationTime.dwHighDateTime=0x1d74617, ftLastAccessTime.dwLowDateTime=0xae1c4780, ftLastAccessTime.dwHighDateTime=0x1d74617, ftLastWriteTime.dwLowDateTime=0x30583c00, ftLastWriteTime.dwHighDateTime=0x1d74617, nFileSizeHigh=0x0, nFileSizeLow=0x21ae00, dwReserved0=0x0, dwReserved1=0x0, cFileName="sosduf.exe", cAlternateFileName="")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64b8d8d0, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0xe2ab2070, ftLastAccessTime.dwHighDateTime=0x1d7021a, ftLastWriteTime.dwLowDateTime=0xe2ab2070, ftLastWriteTime.dwHighDateTime=0x1d7021a, nFileSizeHigh=0x0, nFileSizeLow=0x25c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="stBubxBe6y6z4niQjh2c.avi", cAlternateFileName="STBUBX~1.AVI")) returned 1 [0093.527] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x432646b0, ftCreationTime.dwHighDateTime=0x1d7004e, ftLastAccessTime.dwLowDateTime=0x9a8a96f0, ftLastAccessTime.dwHighDateTime=0x1d70a34, ftLastWriteTime.dwLowDateTime=0x9a8a96f0, ftLastWriteTime.dwHighDateTime=0x1d70a34, nFileSizeHigh=0x0, nFileSizeLow=0x1825f, dwReserved0=0x0, dwReserved1=0x0, cFileName="vfF9hHKjAPNcKqxY4A.bmp", cAlternateFileName="VFF9HH~1.BMP")) returned 1 [0093.527] VirtualAlloc (lpAddress=0x12962000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12962000 [0093.528] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x421d4ab0, ftCreationTime.dwHighDateTime=0x1d6fb36, ftLastAccessTime.dwLowDateTime=0x23d345a0, ftLastAccessTime.dwHighDateTime=0x1d7021b, ftLastWriteTime.dwLowDateTime=0x23d345a0, ftLastWriteTime.dwHighDateTime=0x1d7021b, nFileSizeHigh=0x0, nFileSizeLow=0xc335, dwReserved0=0x0, dwReserved1=0x0, cFileName="wzJn2zO_p-yHTkE3g4.gif", cAlternateFileName="WZJN2Z~1.GIF")) returned 1 [0093.528] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13db63c0, ftCreationTime.dwHighDateTime=0x1d703e8, ftLastAccessTime.dwLowDateTime=0xeaa0ce10, ftLastAccessTime.dwHighDateTime=0x1d706c5, ftLastWriteTime.dwLowDateTime=0xeaa0ce10, ftLastWriteTime.dwHighDateTime=0x1d706c5, nFileSizeHigh=0x0, nFileSizeLow=0x583d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZaUlEzOulRLVBjJU.m4a", cAlternateFileName="ZAULEZ~1.M4A")) returned 1 [0093.528] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11a51130, ftCreationTime.dwHighDateTime=0x1d70769, ftLastAccessTime.dwLowDateTime=0xfd30e50, ftLastAccessTime.dwHighDateTime=0x1d7077f, ftLastWriteTime.dwLowDateTime=0xfd30e50, ftLastWriteTime.dwHighDateTime=0x1d7077f, nFileSizeHigh=0x0, nFileSizeLow=0x1241f, dwReserved0=0x0, dwReserved1=0x0, cFileName="_wsI2QZy.swf", cAlternateFileName="")) returned 1 [0093.528] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.528] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.528] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0093.529] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.532] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0093.532] GetFileType (hFile=0x15c) returned 0x1 [0093.532] WriteFile (in: hFile=0x15c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0093.533] CloseHandle (hObject=0x15c) returned 1 [0093.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1km6tnsaddf-jec.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58f3a570, ftCreationTime.dwHighDateTime=0x1d709a7, ftLastAccessTime.dwLowDateTime=0x9b013180, ftLastAccessTime.dwHighDateTime=0x1d709bb, ftLastWriteTime.dwLowDateTime=0x9b013180, ftLastWriteTime.dwHighDateTime=0x1d709bb, nFileSizeHigh=0x0, nFileSizeLow=0x2677)) returned 1 [0093.541] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12936700*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12936700*, lpNumberOfCharsWritten=0x12831848*=0x37) returned 1 [0093.544] SetEvent (hEvent=0x10c) returned 1 [0093.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1mnobybkamxa.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a9c26b0, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0xd5a311c0, ftLastAccessTime.dwHighDateTime=0x1d70a59, ftLastWriteTime.dwLowDateTime=0xd5a311c0, ftLastWriteTime.dwHighDateTime=0x1d70a59, nFileSizeHigh=0x0, nFileSizeLow=0xce4)) returned 1 [0093.545] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12936770*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12936770*, lpNumberOfCharsWritten=0x12831848*=0x34) returned 1 [0093.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\66bvrgnc-jk.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53e9fe40, ftCreationTime.dwHighDateTime=0x1d6fc77, ftLastAccessTime.dwLowDateTime=0x57cd0760, ftLastAccessTime.dwHighDateTime=0x1d70905, ftLastWriteTime.dwLowDateTime=0x57cd0760, ftLastWriteTime.dwHighDateTime=0x1d70905, nFileSizeHigh=0x0, nFileSizeLow=0x1581c)) returned 1 [0093.566] VirtualAlloc (lpAddress=0x129a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129a6000 [0093.567] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6000*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6000*, lpNumberOfCharsWritten=0x12831848*=0x34) returned 1 [0093.603] SetEvent (hEvent=0x144) returned 1 [0093.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cm6l_yapjvsae.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf57950, ftCreationTime.dwHighDateTime=0x1d70a7e, ftLastAccessTime.dwLowDateTime=0xadc8e420, ftLastAccessTime.dwHighDateTime=0x1d70a7e, ftLastWriteTime.dwLowDateTime=0xadc8e420, ftLastWriteTime.dwHighDateTime=0x1d70a7e, nFileSizeHigh=0x0, nFileSizeLow=0xf5a3)) returned 1 [0093.604] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6070*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6070*, lpNumberOfCharsWritten=0x12831848*=0x36) returned 1 [0093.615] VirtualAlloc (lpAddress=0x129a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129a8000 [0093.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hdiumzsjvmze8c5r.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d9064f0, ftCreationTime.dwHighDateTime=0x1d6ff54, ftLastAccessTime.dwLowDateTime=0x247582e0, ftLastAccessTime.dwHighDateTime=0x1d70188, ftLastWriteTime.dwLowDateTime=0x247582e0, ftLastWriteTime.dwHighDateTime=0x1d70188, nFileSizeHigh=0x0, nFileSizeLow=0x23a2)) returned 1 [0093.615] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6150*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6150*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0093.619] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0093.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ivkiwu3f0ndhbawgqn.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ed34410, ftCreationTime.dwHighDateTime=0x1d70813, ftLastAccessTime.dwLowDateTime=0x633b6520, ftLastAccessTime.dwHighDateTime=0x1d7098b, ftLastWriteTime.dwLowDateTime=0x633b6520, ftLastWriteTime.dwHighDateTime=0x1d7098b, nFileSizeHigh=0x0, nFileSizeLow=0x1724)) returned 1 [0093.626] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12800380*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12800380*, lpNumberOfCharsWritten=0x12831848*=0x3a) returned 1 [0093.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kwcslr8.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed4e49a0, ftCreationTime.dwHighDateTime=0x1d7038a, ftLastAccessTime.dwLowDateTime=0x40ceab10, ftLastAccessTime.dwHighDateTime=0x1d706f1, ftLastWriteTime.dwLowDateTime=0x40ceab10, ftLastWriteTime.dwHighDateTime=0x1d706f1, nFileSizeHigh=0x0, nFileSizeLow=0xb050)) returned 1 [0093.636] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12868660*, nNumberOfCharsToWrite=0x30, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12868660*, lpNumberOfCharsWritten=0x12831848*=0x30) returned 1 [0093.667] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0093.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxtgf.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f142b70, ftCreationTime.dwHighDateTime=0x1d704e3, ftLastAccessTime.dwLowDateTime=0xecd0f1e0, ftLastAccessTime.dwHighDateTime=0x1d70730, ftLastWriteTime.dwLowDateTime=0xecd0f1e0, ftLastWriteTime.dwHighDateTime=0x1d70730, nFileSizeHigh=0x0, nFileSizeLow=0x5449)) returned 1 [0093.804] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129965a0*, nNumberOfCharsToWrite=0x2e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129965a0*, lpNumberOfCharsWritten=0x12831848*=0x2e) returned 1 [0093.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mlfjsoanmgkl6.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eaf4f00, ftCreationTime.dwHighDateTime=0x1d7055a, ftLastAccessTime.dwLowDateTime=0xc51c7070, ftLastAccessTime.dwHighDateTime=0x1d705af, ftLastWriteTime.dwLowDateTime=0xc51c7070, ftLastWriteTime.dwHighDateTime=0x1d705af, nFileSizeHigh=0x0, nFileSizeLow=0xcc40)) returned 1 [0093.826] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a61c0*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a61c0*, lpNumberOfCharsWritten=0x12831848*=0x36) returned 1 [0093.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nbdjcthjuzbe.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe876fc20, ftCreationTime.dwHighDateTime=0x1d701d6, ftLastAccessTime.dwLowDateTime=0x76183440, ftLastAccessTime.dwHighDateTime=0x1d703e9, ftLastWriteTime.dwLowDateTime=0x76183440, ftLastWriteTime.dwHighDateTime=0x1d703e9, nFileSizeHigh=0x0, nFileSizeLow=0x4700)) returned 1 [0093.844] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce3f0*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce3f0*, lpNumberOfCharsWritten=0x12831848*=0x35) returned 1 [0093.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\okumvv-ww9xg3 x7.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf64e85f0, ftCreationTime.dwHighDateTime=0x1d70994, ftLastAccessTime.dwLowDateTime=0xfbaf8cd0, ftLastAccessTime.dwHighDateTime=0x1d70a4b, ftLastWriteTime.dwLowDateTime=0xfbaf8cd0, ftLastWriteTime.dwHighDateTime=0x1d70a4b, nFileSizeHigh=0x0, nFileSizeLow=0xc4da)) returned 1 [0093.877] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ac080*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129ac080*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0093.894] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0093.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qvi-ds4n9msyipdvrf.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f29dd70, ftCreationTime.dwHighDateTime=0x1d6fb1f, ftLastAccessTime.dwLowDateTime=0x8f323f60, ftLastAccessTime.dwHighDateTime=0x1d70462, ftLastWriteTime.dwLowDateTime=0x8f323f60, ftLastWriteTime.dwHighDateTime=0x1d70462, nFileSizeHigh=0x0, nFileSizeLow=0x4fb3)) returned 1 [0093.898] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970180*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12970180*, lpNumberOfCharsWritten=0x12831848*=0x3b) returned 1 [0093.919] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\snvv951pwu.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x142c29a0, ftCreationTime.dwHighDateTime=0x1d6fbd6, ftLastAccessTime.dwLowDateTime=0x2a757690, ftLastAccessTime.dwHighDateTime=0x1d701f7, ftLastWriteTime.dwLowDateTime=0x2a757690, ftLastWriteTime.dwHighDateTime=0x1d701f7, nFileSizeHigh=0x0, nFileSizeLow=0x992f)) returned 1 [0093.919] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129368c0*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129368c0*, lpNumberOfCharsWritten=0x12831848*=0x33) returned 1 [0093.975] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0094.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zaulezoulrlvbjju.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13db63c0, ftCreationTime.dwHighDateTime=0x1d703e8, ftLastAccessTime.dwLowDateTime=0xeaa0ce10, ftLastAccessTime.dwHighDateTime=0x1d706c5, ftLastWriteTime.dwLowDateTime=0xeaa0ce10, ftLastWriteTime.dwHighDateTime=0x1d706c5, nFileSizeHigh=0x0, nFileSizeLow=0x583d)) returned 1 [0094.005] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882180*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12882180*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0094.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_wsi2qzy.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11a51130, ftCreationTime.dwHighDateTime=0x1d70769, ftLastAccessTime.dwLowDateTime=0xfd30e50, ftLastAccessTime.dwHighDateTime=0x1d7077f, ftLastWriteTime.dwLowDateTime=0xfd30e50, ftLastWriteTime.dwHighDateTime=0x1d7077f, nFileSizeHigh=0x0, nFileSizeLow=0x1241f)) returned 1 [0094.015] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce4d0*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce4d0*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0094.034] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0094.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a95scctoogbt.ods"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79708280, ftCreationTime.dwHighDateTime=0x1d70a35, ftLastAccessTime.dwLowDateTime=0xf61c4f50, ftLastAccessTime.dwHighDateTime=0x1d70a79, ftLastWriteTime.dwLowDateTime=0xf61c4f50, ftLastWriteTime.dwHighDateTime=0x1d70a79, nFileSizeHigh=0x0, nFileSizeLow=0x12ddf)) returned 1 [0094.086] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12814620*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12814620*, lpNumberOfCharsWritten=0x12831848*=0x35) returned 1 [0094.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de-y9cgiev 4gfu.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d0642d0, ftCreationTime.dwHighDateTime=0x1d7082d, ftLastAccessTime.dwLowDateTime=0x387dd230, ftLastAccessTime.dwHighDateTime=0x1d709a6, ftLastWriteTime.dwLowDateTime=0x387dd230, ftLastWriteTime.dwHighDateTime=0x1d709a6, nFileSizeHigh=0x0, nFileSizeLow=0x797e)) returned 1 [0094.099] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12814700*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12814700*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0094.112] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0094.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0094.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\irbhwmk5c3jr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6600d2b0, ftCreationTime.dwHighDateTime=0x1d70425, ftLastAccessTime.dwLowDateTime=0xb9eb8b60, ftLastAccessTime.dwHighDateTime=0x1d7069e, ftLastWriteTime.dwLowDateTime=0xb9eb8b60, ftLastWriteTime.dwHighDateTime=0x1d7069e, nFileSizeHigh=0x0, nFileSizeLow=0x4a74)) returned 1 [0094.140] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a64d0*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a64d0*, lpNumberOfCharsWritten=0x12831848*=0x35) returned 1 [0094.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2cbe40f0, ftCreationTime.dwHighDateTime=0x1d7003d, ftLastAccessTime.dwLowDateTime=0xd1039530, ftLastAccessTime.dwHighDateTime=0x1d70357, ftLastWriteTime.dwLowDateTime=0xd1039530, ftLastWriteTime.dwHighDateTime=0x1d70357, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0094.149] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0094.149] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2cbe40f0, ftCreationTime.dwHighDateTime=0x1d7003d, ftLastAccessTime.dwLowDateTime=0xd1039530, ftLastAccessTime.dwHighDateTime=0x1d70357, ftLastWriteTime.dwLowDateTime=0xd1039530, ftLastWriteTime.dwHighDateTime=0x1d70357, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0094.149] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2cbe40f0, ftCreationTime.dwHighDateTime=0x1d7003d, ftLastAccessTime.dwLowDateTime=0xd1039530, ftLastAccessTime.dwHighDateTime=0x1d70357, ftLastWriteTime.dwLowDateTime=0xd1039530, ftLastWriteTime.dwHighDateTime=0x1d70357, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.149] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69a54cc0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd41ac2d0, ftLastAccessTime.dwHighDateTime=0x1d70892, ftLastWriteTime.dwLowDateTime=0xd41ac2d0, ftLastWriteTime.dwHighDateTime=0x1d70892, nFileSizeHigh=0x0, nFileSizeLow=0x82d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="AEQRz5sBzZhVu.bmp", cAlternateFileName="AEQRZ5~1.BMP")) returned 1 [0094.149] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4695b3f0, ftCreationTime.dwHighDateTime=0x1d7062d, ftLastAccessTime.dwLowDateTime=0xcc1acec0, ftLastAccessTime.dwHighDateTime=0x1d709f7, ftLastWriteTime.dwLowDateTime=0xcc1acec0, ftLastWriteTime.dwHighDateTime=0x1d709f7, nFileSizeHigh=0x0, nFileSizeLow=0x5a24, dwReserved0=0x0, dwReserved1=0x0, cFileName="CtCB.avi", cAlternateFileName="")) returned 1 [0094.149] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7073b130, ftCreationTime.dwHighDateTime=0x1d70813, ftLastAccessTime.dwLowDateTime=0x354ec820, ftLastAccessTime.dwHighDateTime=0x1d7088f, ftLastWriteTime.dwLowDateTime=0x354ec820, ftLastWriteTime.dwHighDateTime=0x1d7088f, nFileSizeHigh=0x0, nFileSizeLow=0x171b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="CVQ7.mp4", cAlternateFileName="")) returned 1 [0094.149] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc37ff0, ftCreationTime.dwHighDateTime=0x1d709ae, ftLastAccessTime.dwLowDateTime=0xeecc5770, ftLastAccessTime.dwHighDateTime=0x1d709c7, ftLastWriteTime.dwLowDateTime=0xeecc5770, ftLastWriteTime.dwHighDateTime=0x1d709c7, nFileSizeHigh=0x0, nFileSizeLow=0xc328, dwReserved0=0x0, dwReserved1=0x0, cFileName="EmxH.ppt", cAlternateFileName="")) returned 1 [0094.150] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xff5578b0, ftCreationTime.dwHighDateTime=0x1d7073d, ftLastAccessTime.dwLowDateTime=0xce396c30, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0xce396c30, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eRZYW5m", cAlternateFileName="")) returned 1 [0094.150] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c8dcf20, ftCreationTime.dwHighDateTime=0x1d6fd16, ftLastAccessTime.dwLowDateTime=0x6f7d9b90, ftLastAccessTime.dwHighDateTime=0x1d6fe06, ftLastWriteTime.dwLowDateTime=0x6f7d9b90, ftLastWriteTime.dwHighDateTime=0x1d6fe06, nFileSizeHigh=0x0, nFileSizeLow=0x111fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="gSBPZvGU21Z-uNb.mkv", cAlternateFileName="GSBPZV~1.MKV")) returned 1 [0094.150] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98140b40, ftCreationTime.dwHighDateTime=0x1d7065b, ftLastAccessTime.dwLowDateTime=0x2af345a0, ftLastAccessTime.dwHighDateTime=0x1d708e8, ftLastWriteTime.dwLowDateTime=0x2af345a0, ftLastWriteTime.dwHighDateTime=0x1d708e8, nFileSizeHigh=0x0, nFileSizeLow=0x722f, dwReserved0=0x0, dwReserved1=0x0, cFileName="LYDVGBJ4IFd.png", cAlternateFileName="LYDVGB~1.PNG")) returned 1 [0094.150] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4050f680, ftCreationTime.dwHighDateTime=0x1d70768, ftLastAccessTime.dwLowDateTime=0x6ae10e60, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0x6ae10e60, ftLastWriteTime.dwHighDateTime=0x1d707dd, nFileSizeHigh=0x0, nFileSizeLow=0x5923, dwReserved0=0x0, dwReserved1=0x0, cFileName="O7NH.jpg", cAlternateFileName="")) returned 1 [0094.150] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x807a4240, ftCreationTime.dwHighDateTime=0x1d70126, ftLastAccessTime.dwLowDateTime=0xac113ec0, ftLastAccessTime.dwHighDateTime=0x1d709de, ftLastWriteTime.dwLowDateTime=0xac113ec0, ftLastWriteTime.dwHighDateTime=0x1d709de, nFileSizeHigh=0x0, nFileSizeLow=0xb057, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wl80P.png", cAlternateFileName="")) returned 1 [0094.150] VirtualAlloc (lpAddress=0x129e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129e0000 [0094.150] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.150] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0094.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.150] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0094.150] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0094.224] SetEvent (hEvent=0x13c) returned 1 [0094.224] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0094.224] GetFileType (hFile=0x15c) returned 0x1 [0094.224] WriteFile (in: hFile=0x15c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0094.225] CloseHandle (hObject=0x15c) returned 1 [0094.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\aeqrz5sbzzhvu.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69a54cc0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd41ac2d0, ftLastAccessTime.dwHighDateTime=0x1d70892, ftLastWriteTime.dwLowDateTime=0xd41ac2d0, ftLastWriteTime.dwHighDateTime=0x1d70892, nFileSizeHigh=0x0, nFileSizeLow=0x82d5)) returned 1 [0094.264] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292e750*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1292e750*, lpNumberOfCharsWritten=0x128317e0*=0x44) returned 1 [0094.281] SetEvent (hEvent=0x10c) returned 1 [0094.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\cvq7.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7073b130, ftCreationTime.dwHighDateTime=0x1d70813, ftLastAccessTime.dwLowDateTime=0x354ec820, ftLastAccessTime.dwHighDateTime=0x1d7088f, ftLastWriteTime.dwLowDateTime=0x354ec820, ftLastWriteTime.dwHighDateTime=0x1d7088f, nFileSizeHigh=0x0, nFileSizeLow=0x171b4)) returned 1 [0094.281] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970500*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12970500*, lpNumberOfCharsWritten=0x128317e0*=0x3b) returned 1 [0094.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\ctcb.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4695b3f0, ftCreationTime.dwHighDateTime=0x1d7062d, ftLastAccessTime.dwLowDateTime=0xcc1acec0, ftLastAccessTime.dwHighDateTime=0x1d709f7, ftLastWriteTime.dwLowDateTime=0xcc1acec0, ftLastWriteTime.dwHighDateTime=0x1d709f7, nFileSizeHigh=0x0, nFileSizeLow=0x5a24)) returned 1 [0094.300] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ac380*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129ac380*, lpNumberOfCharsWritten=0x128317e0*=0x3b) returned 1 [0094.320] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\emxh.ppt"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc37ff0, ftCreationTime.dwHighDateTime=0x1d709ae, ftLastAccessTime.dwLowDateTime=0xeecc5770, ftLastAccessTime.dwHighDateTime=0x1d709c7, ftLastWriteTime.dwLowDateTime=0xeecc5770, ftLastWriteTime.dwHighDateTime=0x1d709c7, nFileSizeHigh=0x0, nFileSizeLow=0xc328)) returned 1 [0094.320] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ac400*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129ac400*, lpNumberOfCharsWritten=0x128317e0*=0x3b) returned 1 [0094.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\lydvgbj4ifd.png"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98140b40, ftCreationTime.dwHighDateTime=0x1d7065b, ftLastAccessTime.dwLowDateTime=0x2af345a0, ftLastAccessTime.dwHighDateTime=0x1d708e8, ftLastWriteTime.dwLowDateTime=0x2af345a0, ftLastWriteTime.dwHighDateTime=0x1d708e8, nFileSizeHigh=0x0, nFileSizeLow=0x722f)) returned 1 [0094.339] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d62d0*, nNumberOfCharsToWrite=0x42, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x128d62d0*, lpNumberOfCharsWritten=0x128317e0*=0x42) returned 1 [0094.352] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0094.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\o7nh.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4050f680, ftCreationTime.dwHighDateTime=0x1d70768, ftLastAccessTime.dwLowDateTime=0x6ae10e60, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0x6ae10e60, ftLastWriteTime.dwHighDateTime=0x1d707dd, nFileSizeHigh=0x0, nFileSizeLow=0x5923)) returned 1 [0094.356] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ac500*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129ac500*, lpNumberOfCharsWritten=0x128317e0*=0x3b) returned 1 [0094.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\wl80p.png"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x807a4240, ftCreationTime.dwHighDateTime=0x1d70126, ftLastAccessTime.dwLowDateTime=0xac113ec0, ftLastAccessTime.dwHighDateTime=0x1d709de, ftLastWriteTime.dwLowDateTime=0xac113ec0, ftLastWriteTime.dwHighDateTime=0x1d709de, nFileSizeHigh=0x0, nFileSizeLow=0xb057)) returned 1 [0094.376] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ac580*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129ac580*, lpNumberOfCharsWritten=0x128317e0*=0x3c) returned 1 [0094.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xff5578b0, ftCreationTime.dwHighDateTime=0x1d7073d, ftLastAccessTime.dwLowDateTime=0xce396c30, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0xce396c30, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0094.385] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0094.385] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xff5578b0, ftCreationTime.dwHighDateTime=0x1d7073d, ftLastAccessTime.dwLowDateTime=0xce396c30, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0xce396c30, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0094.385] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xff5578b0, ftCreationTime.dwHighDateTime=0x1d7073d, ftLastAccessTime.dwLowDateTime=0xce396c30, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0xce396c30, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.386] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b74d40, ftCreationTime.dwHighDateTime=0x1d70369, ftLastAccessTime.dwLowDateTime=0x51cf3230, ftLastAccessTime.dwHighDateTime=0x1d70607, ftLastWriteTime.dwLowDateTime=0x51cf3230, ftLastWriteTime.dwHighDateTime=0x1d70607, nFileSizeHigh=0x0, nFileSizeLow=0x18f23, dwReserved0=0x0, dwReserved1=0x0, cFileName="DSGla4p6Xu.flv", cAlternateFileName="DSGLA4~1.FLV")) returned 1 [0094.386] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f15c50, ftCreationTime.dwHighDateTime=0x1d70a7f, ftLastAccessTime.dwLowDateTime=0x9e188390, ftLastAccessTime.dwHighDateTime=0x1d70a7f, ftLastWriteTime.dwLowDateTime=0x9e188390, ftLastWriteTime.dwHighDateTime=0x1d70a7f, nFileSizeHigh=0x0, nFileSizeLow=0x168ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="ILqBRPcatX7-wJ.mp3", cAlternateFileName="ILQBRP~1.MP3")) returned 1 [0094.386] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0d9e60, ftCreationTime.dwHighDateTime=0x1d7094e, ftLastAccessTime.dwLowDateTime=0xe755dd30, ftLastAccessTime.dwHighDateTime=0x1d70a04, ftLastWriteTime.dwLowDateTime=0xe755dd30, ftLastWriteTime.dwHighDateTime=0x1d70a04, nFileSizeHigh=0x0, nFileSizeLow=0x1325c, dwReserved0=0x0, dwReserved1=0x0, cFileName="p6jHL.avi", cAlternateFileName="")) returned 1 [0094.386] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa6d810, ftCreationTime.dwHighDateTime=0x1d7057f, ftLastAccessTime.dwLowDateTime=0x39ce8c10, ftLastAccessTime.dwHighDateTime=0x1d705eb, ftLastWriteTime.dwLowDateTime=0x39ce8c10, ftLastWriteTime.dwHighDateTime=0x1d705eb, nFileSizeHigh=0x0, nFileSizeLow=0x72ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="ySbQKDOOjrDH.m4a", cAlternateFileName="YSBQKD~1.M4A")) returned 1 [0094.386] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.386] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0094.386] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.386] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0094.386] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0094.456] SetEvent (hEvent=0x13c) returned 1 [0094.456] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0094.456] GetFileType (hFile=0x164) returned 0x1 [0094.456] WriteFile (in: hFile=0x164, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0094.457] CloseHandle (hObject=0x164) returned 1 [0094.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\dsgla4p6xu.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b74d40, ftCreationTime.dwHighDateTime=0x1d70369, ftLastAccessTime.dwLowDateTime=0x51cf3230, ftLastAccessTime.dwHighDateTime=0x1d70607, ftLastWriteTime.dwLowDateTime=0x51cf3230, ftLastWriteTime.dwHighDateTime=0x1d70607, nFileSizeHigh=0x0, nFileSizeLow=0x18f23)) returned 1 [0094.458] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4460*, nNumberOfCharsToWrite=0x4a, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a4460*, lpNumberOfCharsWritten=0x12831778*=0x4a) returned 1 [0094.468] SetEvent (hEvent=0x144) returned 1 [0094.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ilqbrpcatx7-wj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f15c50, ftCreationTime.dwHighDateTime=0x1d70a7f, ftLastAccessTime.dwLowDateTime=0x9e188390, ftLastAccessTime.dwHighDateTime=0x1d70a7f, ftLastWriteTime.dwLowDateTime=0x9e188390, ftLastWriteTime.dwHighDateTime=0x1d70a7f, nFileSizeHigh=0x0, nFileSizeLow=0x168ef)) returned 1 [0094.468] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4500*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a4500*, lpNumberOfCharsWritten=0x12831778*=0x4d) returned 1 [0094.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\p6jhl.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0d9e60, ftCreationTime.dwHighDateTime=0x1d7094e, ftLastAccessTime.dwLowDateTime=0xe755dd30, ftLastAccessTime.dwHighDateTime=0x1d70a04, ftLastWriteTime.dwLowDateTime=0xe755dd30, ftLastWriteTime.dwHighDateTime=0x1d70a04, nFileSizeHigh=0x0, nFileSizeLow=0x1325c)) returned 1 [0094.489] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a01b0*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a01b0*, lpNumberOfCharsWritten=0x12831778*=0x44) returned 1 [0094.511] VirtualAlloc (lpAddress=0x129ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ec000 [0094.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ysbqkdoojrdh.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa6d810, ftCreationTime.dwHighDateTime=0x1d7057f, ftLastAccessTime.dwLowDateTime=0x39ce8c10, ftLastAccessTime.dwHighDateTime=0x1d705eb, ftLastWriteTime.dwLowDateTime=0x39ce8c10, ftLastWriteTime.dwHighDateTime=0x1d705eb, nFileSizeHigh=0x0, nFileSizeLow=0x72ad)) returned 1 [0094.511] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a45a0*, nNumberOfCharsToWrite=0x4b, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a45a0*, lpNumberOfCharsWritten=0x12831778*=0x4b) returned 1 [0094.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\gsbpzvgu21z-unb.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c8dcf20, ftCreationTime.dwHighDateTime=0x1d6fd16, ftLastAccessTime.dwLowDateTime=0x6f7d9b90, ftLastAccessTime.dwHighDateTime=0x1d6fe06, ftLastWriteTime.dwLowDateTime=0x6f7d9b90, ftLastWriteTime.dwHighDateTime=0x1d6fe06, nFileSizeHigh=0x0, nFileSizeLow=0x111fd)) returned 1 [0094.530] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a02d0*, nNumberOfCharsToWrite=0x46, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a02d0*, lpNumberOfCharsWritten=0x128317e0*=0x46) returned 1 [0094.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ll0dizf59jv6cm.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fc61c0, ftCreationTime.dwHighDateTime=0x1d708c4, ftLastAccessTime.dwLowDateTime=0xfc398a50, ftLastAccessTime.dwHighDateTime=0x1d709bc, ftLastWriteTime.dwLowDateTime=0xfc398a50, ftLastWriteTime.dwHighDateTime=0x1d709bc, nFileSizeHigh=0x0, nFileSizeLow=0x83df)) returned 1 [0094.548] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a69a0*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a69a0*, lpNumberOfCharsWritten=0x12831848*=0x37) returned 1 [0094.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lozyaqy7oi.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cf82a40, ftCreationTime.dwHighDateTime=0x1d70722, ftLastAccessTime.dwLowDateTime=0xbb7c5510, ftLastAccessTime.dwHighDateTime=0x1d70881, ftLastWriteTime.dwLowDateTime=0xbb7c5510, ftLastWriteTime.dwHighDateTime=0x1d70881, nFileSizeHigh=0x0, nFileSizeLow=0x1574d)) returned 1 [0094.571] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6a10*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6a10*, lpNumberOfCharsWritten=0x12831848*=0x33) returned 1 [0094.590] VirtualAlloc (lpAddress=0x129ee000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ee000 [0094.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxxjnjblbvyc-mw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x250bb70, ftCreationTime.dwHighDateTime=0x1d6fbc6, ftLastAccessTime.dwLowDateTime=0x6f8a2b60, ftLastAccessTime.dwHighDateTime=0x1d6feda, ftLastWriteTime.dwLowDateTime=0x6f8a2b60, ftLastWriteTime.dwHighDateTime=0x1d6feda, nFileSizeHigh=0x0, nFileSizeLow=0x91fe)) returned 1 [0094.591] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6af0*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6af0*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0094.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0ada80, ftCreationTime.dwHighDateTime=0x1d709dc, ftLastAccessTime.dwLowDateTime=0x3a8bdb50, ftLastAccessTime.dwHighDateTime=0x1d70a4e, ftLastWriteTime.dwLowDateTime=0x3a8bdb50, ftLastWriteTime.dwHighDateTime=0x1d70a4e, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0094.603] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0094.603] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0ada80, ftCreationTime.dwHighDateTime=0x1d709dc, ftLastAccessTime.dwLowDateTime=0x3a8bdb50, ftLastAccessTime.dwHighDateTime=0x1d70a4e, ftLastWriteTime.dwLowDateTime=0x3a8bdb50, ftLastWriteTime.dwHighDateTime=0x1d70a4e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0094.603] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef0ada80, ftCreationTime.dwHighDateTime=0x1d709dc, ftLastAccessTime.dwLowDateTime=0x3a8bdb50, ftLastAccessTime.dwHighDateTime=0x1d70a4e, ftLastWriteTime.dwLowDateTime=0x3a8bdb50, ftLastWriteTime.dwHighDateTime=0x1d70a4e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.604] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x141d0920, ftCreationTime.dwHighDateTime=0x1d70252, ftLastAccessTime.dwLowDateTime=0xad5440d0, ftLastAccessTime.dwHighDateTime=0x1d70843, ftLastWriteTime.dwLowDateTime=0xad5440d0, ftLastWriteTime.dwHighDateTime=0x1d70843, nFileSizeHigh=0x0, nFileSizeLow=0x142db, dwReserved0=0x0, dwReserved1=0x0, cFileName="0dQqEwX7b_r-zpvAb.wav", cAlternateFileName="0DQQEW~1.WAV")) returned 1 [0094.604] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7da5eaf0, ftCreationTime.dwHighDateTime=0x1d6fca4, ftLastAccessTime.dwLowDateTime=0xec015e10, ftLastAccessTime.dwHighDateTime=0x1d6fe36, ftLastWriteTime.dwLowDateTime=0xec015e10, ftLastWriteTime.dwHighDateTime=0x1d6fe36, nFileSizeHigh=0x0, nFileSizeLow=0x8823, dwReserved0=0x0, dwReserved1=0x0, cFileName="3W3Heu.mkv", cAlternateFileName="")) returned 1 [0094.604] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f54eca0, ftCreationTime.dwHighDateTime=0x1d6ffd5, ftLastAccessTime.dwLowDateTime=0x5f3648f0, ftLastAccessTime.dwHighDateTime=0x1d7017a, ftLastWriteTime.dwLowDateTime=0x5f3648f0, ftLastWriteTime.dwHighDateTime=0x1d7017a, nFileSizeHigh=0x0, nFileSizeLow=0x4b0a, dwReserved0=0x0, dwReserved1=0x0, cFileName="AQIRwU.png", cAlternateFileName="")) returned 1 [0094.604] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c378d80, ftCreationTime.dwHighDateTime=0x1d6fea4, ftLastAccessTime.dwLowDateTime=0xe19a0350, ftLastAccessTime.dwHighDateTime=0x1d70282, ftLastWriteTime.dwLowDateTime=0xe19a0350, ftLastWriteTime.dwHighDateTime=0x1d70282, nFileSizeHigh=0x0, nFileSizeLow=0x177f, dwReserved0=0x0, dwReserved1=0x0, cFileName="EI7WNGL9jviw5Iu.pps", cAlternateFileName="EI7WNG~1.PPS")) returned 1 [0094.604] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7620cc70, ftCreationTime.dwHighDateTime=0x1d6ffdb, ftLastAccessTime.dwLowDateTime=0x6fa2d5b0, ftLastAccessTime.dwHighDateTime=0x1d7047b, ftLastWriteTime.dwLowDateTime=0x6fa2d5b0, ftLastWriteTime.dwHighDateTime=0x1d7047b, nFileSizeHigh=0x0, nFileSizeLow=0x382e, dwReserved0=0x0, dwReserved1=0x0, cFileName="zQmIs_lj7.flv", cAlternateFileName="ZQMIS_~1.FLV")) returned 1 [0094.604] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.604] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0094.604] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.604] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0094.604] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0094.758] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0094.758] GetFileType (hFile=0x200) returned 0x1 [0094.758] WriteFile (in: hFile=0x200, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0094.759] CloseHandle (hObject=0x200) returned 1 [0094.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\0dqqewx7b_r-zpvab.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x141d0920, ftCreationTime.dwHighDateTime=0x1d70252, ftLastAccessTime.dwLowDateTime=0xad5440d0, ftLastAccessTime.dwHighDateTime=0x1d70843, ftLastWriteTime.dwLowDateTime=0xad5440d0, ftLastWriteTime.dwHighDateTime=0x1d70843, nFileSizeHigh=0x0, nFileSizeLow=0x142db)) returned 1 [0094.759] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a0480*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a0480*, lpNumberOfCharsWritten=0x128317e0*=0x47) returned 1 [0094.769] SetEvent (hEvent=0x200) returned 1 [0094.769] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\3w3heu.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7da5eaf0, ftCreationTime.dwHighDateTime=0x1d6fca4, ftLastAccessTime.dwLowDateTime=0xec015e10, ftLastAccessTime.dwHighDateTime=0x1d6fe36, ftLastWriteTime.dwLowDateTime=0xec015e10, ftLastWriteTime.dwHighDateTime=0x1d6fe36, nFileSizeHigh=0x0, nFileSizeLow=0x8823)) returned 1 [0094.769] VirtualAlloc (lpAddress=0x12b54000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b54000 [0094.769] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882b00*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12882b00*, lpNumberOfCharsWritten=0x128317e0*=0x3c) returned 1 [0094.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\aqirwu.png"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f54eca0, ftCreationTime.dwHighDateTime=0x1d6ffd5, ftLastAccessTime.dwLowDateTime=0x5f3648f0, ftLastAccessTime.dwHighDateTime=0x1d7017a, ftLastWriteTime.dwLowDateTime=0x5f3648f0, ftLastWriteTime.dwHighDateTime=0x1d7017a, nFileSizeHigh=0x0, nFileSizeLow=0x4b0a)) returned 1 [0094.784] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970b00*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12970b00*, lpNumberOfCharsWritten=0x128317e0*=0x3c) returned 1 [0094.812] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0094.816] SetEvent (hEvent=0x1d0) returned 1 [0094.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\ei7wngl9jviw5iu.pps"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c378d80, ftCreationTime.dwHighDateTime=0x1d6fea4, ftLastAccessTime.dwLowDateTime=0xe19a0350, ftLastAccessTime.dwHighDateTime=0x1d70282, ftLastWriteTime.dwLowDateTime=0xe19a0350, ftLastWriteTime.dwHighDateTime=0x1d70282, nFileSizeHigh=0x0, nFileSizeLow=0x177f)) returned 1 [0094.816] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d67e0*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x128d67e0*, lpNumberOfCharsWritten=0x128317e0*=0x44) returned 1 [0094.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\zqmis_lj7.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7620cc70, ftCreationTime.dwHighDateTime=0x1d6ffdb, ftLastAccessTime.dwLowDateTime=0x6fa2d5b0, ftLastAccessTime.dwHighDateTime=0x1d7047b, ftLastWriteTime.dwLowDateTime=0x6fa2d5b0, ftLastWriteTime.dwHighDateTime=0x1d7047b, nFileSizeHigh=0x0, nFileSizeLow=0x382e)) returned 1 [0094.836] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882d00*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12882d00*, lpNumberOfCharsWritten=0x128317e0*=0x3f) returned 1 [0094.861] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0094.869] SetEvent (hEvent=0x16c) returned 1 [0094.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mwsshgr5foi zdg0.csv"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67dd1a10, ftCreationTime.dwHighDateTime=0x1d704a4, ftLastAccessTime.dwLowDateTime=0xffd0e810, ftLastAccessTime.dwHighDateTime=0x1d7099f, ftLastWriteTime.dwLowDateTime=0xffd0e810, ftLastWriteTime.dwHighDateTime=0x1d7099f, nFileSizeHigh=0x0, nFileSizeLow=0xdd34)) returned 1 [0094.869] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882d80*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12882d80*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0094.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\n0_feaovlpx4idgjgs.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2fc0680, ftCreationTime.dwHighDateTime=0x1d70047, ftLastAccessTime.dwLowDateTime=0xc837ce20, ftLastAccessTime.dwHighDateTime=0x1d70a79, ftLastWriteTime.dwLowDateTime=0xc837ce20, ftLastWriteTime.dwHighDateTime=0x1d70a79, nFileSizeHigh=0x0, nFileSizeLow=0x13689)) returned 1 [0094.894] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882e00*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12882e00*, lpNumberOfCharsWritten=0x12831848*=0x3b) returned 1 [0094.913] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nrv9wkb9.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68e09360, ftCreationTime.dwHighDateTime=0x1d7030f, ftLastAccessTime.dwLowDateTime=0xa97771a0, ftLastAccessTime.dwHighDateTime=0x1d7061b, ftLastWriteTime.dwLowDateTime=0xa97771a0, ftLastWriteTime.dwHighDateTime=0x1d7061b, nFileSizeHigh=0x0, nFileSizeLow=0x82d)) returned 1 [0094.914] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12996f60*, nNumberOfCharsToWrite=0x30, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12996f60*, lpNumberOfCharsWritten=0x12831848*=0x30) returned 1 [0094.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\npfe-2xahfj.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e4c5960, ftCreationTime.dwHighDateTime=0x1d6fa0d, ftLastAccessTime.dwLowDateTime=0x459ce5a0, ftLastAccessTime.dwHighDateTime=0x1d6fdd5, ftLastWriteTime.dwLowDateTime=0x459ce5a0, ftLastWriteTime.dwHighDateTime=0x1d6fdd5, nFileSizeHigh=0x0, nFileSizeLow=0xf057)) returned 1 [0094.963] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6d20*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6d20*, lpNumberOfCharsWritten=0x12831848*=0x34) returned 1 [0094.977] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ocyk45ilz.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee2dde70, ftCreationTime.dwHighDateTime=0x1d7027d, ftLastAccessTime.dwLowDateTime=0x327db80, ftLastAccessTime.dwHighDateTime=0x1d70690, ftLastWriteTime.dwLowDateTime=0x327db80, ftLastWriteTime.dwHighDateTime=0x1d70690, nFileSizeHigh=0x0, nFileSizeLow=0x22a8)) returned 1 [0094.978] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6e00*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6e00*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0094.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\om7gesaaym_.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48137930, ftCreationTime.dwHighDateTime=0x1d70a31, ftLastAccessTime.dwLowDateTime=0x180365a0, ftLastAccessTime.dwHighDateTime=0x1d70a56, ftLastWriteTime.dwLowDateTime=0x180365a0, ftLastWriteTime.dwHighDateTime=0x1d70a56, nFileSizeHigh=0x0, nFileSizeLow=0xf910)) returned 1 [0094.986] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12937340*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12937340*, lpNumberOfCharsWritten=0x12831848*=0x34) returned 1 [0095.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qv2oi zbbrmaht8w.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0d8e650, ftCreationTime.dwHighDateTime=0x1d709c0, ftLastAccessTime.dwLowDateTime=0xb82c4e80, ftLastAccessTime.dwHighDateTime=0x1d70a28, ftLastWriteTime.dwLowDateTime=0xb82c4e80, ftLastWriteTime.dwHighDateTime=0x1d70a28, nFileSizeHigh=0x0, nFileSizeLow=0x168cf)) returned 1 [0095.017] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129acb00*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129acb00*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0095.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qb_cobqm-nnuxfthqk.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48fae460, ftCreationTime.dwHighDateTime=0x1d7063e, ftLastAccessTime.dwLowDateTime=0xb38f4b90, ftLastAccessTime.dwHighDateTime=0x1d709cc, ftLastWriteTime.dwLowDateTime=0xb38f4b90, ftLastWriteTime.dwHighDateTime=0x1d709cc, nFileSizeHigh=0x0, nFileSizeLow=0x9ef4)) returned 1 [0095.036] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129acb80*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129acb80*, lpNumberOfCharsWritten=0x12831848*=0x3b) returned 1 [0095.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sosduf.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sosduf.exe"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad83b100, ftCreationTime.dwHighDateTime=0x1d74617, ftLastAccessTime.dwLowDateTime=0xae1c4780, ftLastAccessTime.dwHighDateTime=0x1d74617, ftLastWriteTime.dwLowDateTime=0x30583c00, ftLastWriteTime.dwHighDateTime=0x1d74617, nFileSizeHigh=0x0, nFileSizeLow=0x21ae00)) returned 1 [0095.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\stbubxbe6y6z4niqjh2c.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64b8d8d0, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0xe2ab2070, ftLastAccessTime.dwHighDateTime=0x1d7021a, ftLastWriteTime.dwLowDateTime=0xe2ab2070, ftLastWriteTime.dwHighDateTime=0x1d7021a, nFileSizeHigh=0x0, nFileSizeLow=0x25c3)) returned 1 [0095.050] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970c00*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12970c00*, lpNumberOfCharsWritten=0x12831848*=0x3c) returned 1 [0095.079] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0095.086] VirtualAlloc (lpAddress=0x12bae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bae000 [0095.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vff9hhkjapnckqxy4a.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x432646b0, ftCreationTime.dwHighDateTime=0x1d7004e, ftLastAccessTime.dwLowDateTime=0x9a8a96f0, ftLastAccessTime.dwHighDateTime=0x1d70a34, ftLastWriteTime.dwLowDateTime=0x9a8a96f0, ftLastWriteTime.dwHighDateTime=0x1d70a34, nFileSizeHigh=0x0, nFileSizeLow=0x1825f)) returned 1 [0095.090] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129acc80*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129acc80*, lpNumberOfCharsWritten=0x12831848*=0x3b) returned 1 [0095.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wzjn2zo_p-yhtke3g4.gif"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x421d4ab0, ftCreationTime.dwHighDateTime=0x1d6fb36, ftLastAccessTime.dwLowDateTime=0x23d345a0, ftLastAccessTime.dwHighDateTime=0x1d7021b, ftLastWriteTime.dwLowDateTime=0x23d345a0, ftLastWriteTime.dwHighDateTime=0x1d7021b, nFileSizeHigh=0x0, nFileSizeLow=0xc335)) returned 1 [0095.099] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129acd00*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129acd00*, lpNumberOfCharsWritten=0x12831848*=0x3b) returned 1 [0095.111] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0095.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\documents"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x535c2836, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x535c2836, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0095.123] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\documents"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0095.123] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x535c2836, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x535c2836, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0095.123] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x535c2836, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x535c2836, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42d4d350, ftCreationTime.dwHighDateTime=0x1d709ba, ftLastAccessTime.dwLowDateTime=0x5b1878a0, ftLastAccessTime.dwHighDateTime=0x1d70a54, ftLastWriteTime.dwLowDateTime=0x5b1878a0, ftLastWriteTime.dwHighDateTime=0x1d70a54, nFileSizeHigh=0x0, nFileSizeLow=0x1849c, dwReserved0=0x0, dwReserved1=0x0, cFileName="0kERH4Zo.rtf", cAlternateFileName="")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc314b0, ftCreationTime.dwHighDateTime=0x1d6ef29, ftLastAccessTime.dwLowDateTime=0x2f6b5860, ftLastAccessTime.dwHighDateTime=0x1d70065, ftLastWriteTime.dwLowDateTime=0x2f6b5860, ftLastWriteTime.dwHighDateTime=0x1d70065, nFileSizeHigh=0x0, nFileSizeLow=0x115cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="1fL3-I81Z4OYL.pptx", cAlternateFileName="1FL3-I~1.PPT")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df66410, ftCreationTime.dwHighDateTime=0x1d6f4d1, ftLastAccessTime.dwLowDateTime=0x194396a0, ftLastAccessTime.dwHighDateTime=0x1d6fa17, ftLastWriteTime.dwLowDateTime=0x194396a0, ftLastWriteTime.dwHighDateTime=0x1d6fa17, nFileSizeHigh=0x0, nFileSizeLow=0x20cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="4OolYd_eSq8.pptx", cAlternateFileName="4OOLYD~1.PPT")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa9ef750, ftCreationTime.dwHighDateTime=0x1d6fd3e, ftLastAccessTime.dwLowDateTime=0xbdb5060, ftLastAccessTime.dwHighDateTime=0x1d6fe41, ftLastWriteTime.dwLowDateTime=0xbdb5060, ftLastWriteTime.dwHighDateTime=0x1d6fe41, nFileSizeHigh=0x0, nFileSizeLow=0x118ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="4XkNQsq6XKr_P6HMwtn.doc", cAlternateFileName="4XKNQS~1.DOC")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1821ad30, ftCreationTime.dwHighDateTime=0x1d67e97, ftLastAccessTime.dwLowDateTime=0xc9925eb0, ftLastAccessTime.dwHighDateTime=0x1d6ddcf, ftLastWriteTime.dwLowDateTime=0xc9925eb0, ftLastWriteTime.dwHighDateTime=0x1d6ddcf, nFileSizeHigh=0x0, nFileSizeLow=0xd303, dwReserved0=0x0, dwReserved1=0x0, cFileName="6KaGGKzw-OwQUh4.docx", cAlternateFileName="6KAGGK~1.DOC")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x408fb5d0, ftCreationTime.dwHighDateTime=0x1d68a38, ftLastAccessTime.dwLowDateTime=0xcf624a20, ftLastAccessTime.dwHighDateTime=0x1d6969f, ftLastWriteTime.dwLowDateTime=0xcf624a20, ftLastWriteTime.dwHighDateTime=0x1d6969f, nFileSizeHigh=0x0, nFileSizeLow=0xc3d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="90Gb-.docx", cAlternateFileName="90GB-~1.DOC")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4372e947, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cdd3f0, ftCreationTime.dwHighDateTime=0x1d704fa, ftLastAccessTime.dwLowDateTime=0x43bb1e70, ftLastAccessTime.dwHighDateTime=0x1d70927, ftLastWriteTime.dwLowDateTime=0x43bb1e70, ftLastWriteTime.dwHighDateTime=0x1d70927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ea6EH7e6iYLk5qzARj9", cAlternateFileName="EA6EH7~1")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b5d6e30, ftCreationTime.dwHighDateTime=0x1d70394, ftLastAccessTime.dwLowDateTime=0x81734690, ftLastAccessTime.dwHighDateTime=0x1d704bb, ftLastWriteTime.dwLowDateTime=0x81734690, ftLastWriteTime.dwHighDateTime=0x1d704bb, nFileSizeHigh=0x0, nFileSizeLow=0x13c0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="H09VzhhJy701Zn.pptx", cAlternateFileName="H09VZH~1.PPT")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x626730a0, ftCreationTime.dwHighDateTime=0x1d68e86, ftLastAccessTime.dwLowDateTime=0x1eff9a10, ftLastAccessTime.dwHighDateTime=0x1d6ef2e, ftLastWriteTime.dwLowDateTime=0x1eff9a10, ftLastWriteTime.dwHighDateTime=0x1d6ef2e, nFileSizeHigh=0x0, nFileSizeLow=0xdd0d, dwReserved0=0x0, dwReserved1=0x0, cFileName="HZH9ZrMuSr.pptx", cAlternateFileName="HZH9ZR~1.PPT")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe04e3b40, ftCreationTime.dwHighDateTime=0x1d70568, ftLastAccessTime.dwLowDateTime=0xd0fb4fb0, ftLastAccessTime.dwHighDateTime=0x1d70a19, ftLastWriteTime.dwLowDateTime=0xd0fb4fb0, ftLastWriteTime.dwHighDateTime=0x1d70a19, nFileSizeHigh=0x0, nFileSizeLow=0x2fe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="I-BK4YVGg1b.rtf", cAlternateFileName="I-BK4Y~1.RTF")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x131081a0, ftCreationTime.dwHighDateTime=0x1d700d2, ftLastAccessTime.dwLowDateTime=0x18b86880, ftLastAccessTime.dwHighDateTime=0x1d70329, ftLastWriteTime.dwLowDateTime=0x18b86880, ftLastWriteTime.dwHighDateTime=0x1d70329, nFileSizeHigh=0x0, nFileSizeLow=0x1d05, dwReserved0=0x0, dwReserved1=0x0, cFileName="iNydqE6ZqnU-cP.ppt", cAlternateFileName="INYDQE~1.PPT")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef6ba80, ftCreationTime.dwHighDateTime=0x1d6b154, ftLastAccessTime.dwLowDateTime=0xa957ee0, ftLastAccessTime.dwHighDateTime=0x1d6b8b1, ftLastWriteTime.dwLowDateTime=0xa957ee0, ftLastWriteTime.dwHighDateTime=0x1d6b8b1, nFileSizeHigh=0x0, nFileSizeLow=0x14218, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lyucj2S2OOss7KdI.pptx", cAlternateFileName="LYUCJ2~1.PPT")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1dbf9a0, ftCreationTime.dwHighDateTime=0x1d70a43, ftLastAccessTime.dwLowDateTime=0x6cb9bea0, ftLastAccessTime.dwHighDateTime=0x1d70a51, ftLastWriteTime.dwLowDateTime=0x6cb9bea0, ftLastWriteTime.dwHighDateTime=0x1d70a51, nFileSizeHigh=0x0, nFileSizeLow=0x12060, dwReserved0=0x0, dwReserved1=0x0, cFileName="N11qWtgLG.docx", cAlternateFileName="N11QWT~1.DOC")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41e8eaa0, ftCreationTime.dwHighDateTime=0x1d6f70c, ftLastAccessTime.dwLowDateTime=0x7fd4b8a0, ftLastAccessTime.dwHighDateTime=0x1d70385, ftLastWriteTime.dwLowDateTime=0x7fd4b8a0, ftLastWriteTime.dwHighDateTime=0x1d70385, nFileSizeHigh=0x0, nFileSizeLow=0x6620, dwReserved0=0x0, dwReserved1=0x0, cFileName="nlgyKb7bVH6VfuCYA.xlsx", cAlternateFileName="NLGYKB~1.XLS")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42b59320, ftCreationTime.dwHighDateTime=0x1d701c5, ftLastAccessTime.dwLowDateTime=0xfef70f50, ftLastAccessTime.dwHighDateTime=0x1d702fb, ftLastWriteTime.dwLowDateTime=0xfef70f50, ftLastWriteTime.dwHighDateTime=0x1d702fb, nFileSizeHigh=0x0, nFileSizeLow=0x14ef3, dwReserved0=0x0, dwReserved1=0x0, cFileName="nzJDx.ods", cAlternateFileName="")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x65ef9a5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77d71060, ftCreationTime.dwHighDateTime=0x1d7065c, ftLastAccessTime.dwLowDateTime=0x695d19e0, ftLastAccessTime.dwHighDateTime=0x1d70903, ftLastWriteTime.dwLowDateTime=0x695d19e0, ftLastWriteTime.dwHighDateTime=0x1d70903, nFileSizeHigh=0x0, nFileSizeLow=0x14006, dwReserved0=0x0, dwReserved1=0x0, cFileName="qkKxpDXlhMxB7c.xlsx", cAlternateFileName="QKKXPD~1.XLS")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc68f410, ftCreationTime.dwHighDateTime=0x1d7085d, ftLastAccessTime.dwLowDateTime=0xd21d5d50, ftLastAccessTime.dwHighDateTime=0x1d70a20, ftLastWriteTime.dwLowDateTime=0xd21d5d50, ftLastWriteTime.dwHighDateTime=0x1d70a20, nFileSizeHigh=0x0, nFileSizeLow=0xc377, dwReserved0=0x0, dwReserved1=0x0, cFileName="vkTMaBRaJZ6X.docx", cAlternateFileName="VKTMAB~1.DOC")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b04a3a0, ftCreationTime.dwHighDateTime=0x1d6c1f4, ftLastAccessTime.dwLowDateTime=0x56e99c80, ftLastAccessTime.dwHighDateTime=0x1d6e206, ftLastWriteTime.dwLowDateTime=0x56e99c80, ftLastWriteTime.dwHighDateTime=0x1d6e206, nFileSizeHigh=0x0, nFileSizeLow=0xbf6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="VtkM6.xlsx", cAlternateFileName="VTKM6~1.XLS")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6774ae90, ftCreationTime.dwHighDateTime=0x1d6dff5, ftLastAccessTime.dwLowDateTime=0xa51a2ed0, ftLastAccessTime.dwHighDateTime=0x1d70135, ftLastWriteTime.dwLowDateTime=0xa51a2ed0, ftLastWriteTime.dwHighDateTime=0x1d70135, nFileSizeHigh=0x0, nFileSizeLow=0x7676, dwReserved0=0x0, dwReserved1=0x0, cFileName="vTz7ukVPLfFQ.xlsx", cAlternateFileName="VTZ7UK~1.XLS")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13b36560, ftCreationTime.dwHighDateTime=0x1d70685, ftLastAccessTime.dwLowDateTime=0x1fbfb360, ftLastAccessTime.dwHighDateTime=0x1d70764, ftLastWriteTime.dwLowDateTime=0x1fbfb360, ftLastWriteTime.dwHighDateTime=0x1d70764, nFileSizeHigh=0x0, nFileSizeLow=0x31e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="wGU4.pps", cAlternateFileName="")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2e9ff20, ftCreationTime.dwHighDateTime=0x1d6be50, ftLastAccessTime.dwLowDateTime=0x1c3c3050, ftLastAccessTime.dwHighDateTime=0x1d6c368, ftLastWriteTime.dwLowDateTime=0x1c3c3050, ftLastWriteTime.dwHighDateTime=0x1d6c368, nFileSizeHigh=0x0, nFileSizeLow=0x7a25, dwReserved0=0x0, dwReserved1=0x0, cFileName="XnU2rHF.xlsx", cAlternateFileName="XNU2RH~1.XLS")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deb7730, ftCreationTime.dwHighDateTime=0x1d69e64, ftLastAccessTime.dwLowDateTime=0xb301a290, ftLastAccessTime.dwHighDateTime=0x1d700ad, ftLastWriteTime.dwLowDateTime=0xb301a290, ftLastWriteTime.dwHighDateTime=0x1d700ad, nFileSizeHigh=0x0, nFileSizeLow=0x10ec8, dwReserved0=0x0, dwReserved1=0x0, cFileName="xP-_L.docx", cAlternateFileName="XP-_L~1.DOC")) returned 1 [0095.124] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.125] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0095.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.125] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0095.125] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0095.125] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0095.125] GetFileType (hFile=0x2d8) returned 0x1 [0095.125] WriteFile (in: hFile=0x2d8, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0095.126] CloseHandle (hObject=0x2d8) returned 1 [0095.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0kerh4zo.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42d4d350, ftCreationTime.dwHighDateTime=0x1d709ba, ftLastAccessTime.dwLowDateTime=0x5b1878a0, ftLastAccessTime.dwHighDateTime=0x1d70a54, ftLastWriteTime.dwLowDateTime=0x5b1878a0, ftLastWriteTime.dwHighDateTime=0x1d70a54, nFileSizeHigh=0x0, nFileSizeLow=0x1849c)) returned 1 [0095.127] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129375e0*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129375e0*, lpNumberOfCharsWritten=0x12831848*=0x33) returned 1 [0095.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\1fl3-i81z4oyl.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc314b0, ftCreationTime.dwHighDateTime=0x1d6ef29, ftLastAccessTime.dwLowDateTime=0x2f6b5860, ftLastAccessTime.dwHighDateTime=0x1d70065, ftLastWriteTime.dwLowDateTime=0x2f6b5860, ftLastWriteTime.dwHighDateTime=0x1d70065, nFileSizeHigh=0x0, nFileSizeLow=0x115cc)) returned 1 [0095.143] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970d00*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12970d00*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0095.156] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0095.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4oolyd_esq8.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df66410, ftCreationTime.dwHighDateTime=0x1d6f4d1, ftLastAccessTime.dwLowDateTime=0x194396a0, ftLastAccessTime.dwHighDateTime=0x1d6fa17, ftLastWriteTime.dwLowDateTime=0x194396a0, ftLastWriteTime.dwHighDateTime=0x1d6fa17, nFileSizeHigh=0x0, nFileSizeLow=0x20cf)) returned 1 [0095.194] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128cf340*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128cf340*, lpNumberOfCharsWritten=0x12831848*=0x36) returned 1 [0095.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4xknqsq6xkr_p6hmwtn.doc"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa9ef750, ftCreationTime.dwHighDateTime=0x1d6fd3e, ftLastAccessTime.dwLowDateTime=0xbdb5060, ftLastAccessTime.dwHighDateTime=0x1d6fe41, ftLastWriteTime.dwLowDateTime=0xbdb5060, ftLastWriteTime.dwHighDateTime=0x1d6fe41, nFileSizeHigh=0x0, nFileSizeLow=0x118ca)) returned 1 [0095.205] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12883100*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12883100*, lpNumberOfCharsWritten=0x12831848*=0x3e) returned 1 [0095.227] SetEvent (hEvent=0x20c) returned 1 [0095.228] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6kaggkzw-owquh4.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1821ad30, ftCreationTime.dwHighDateTime=0x1d67e97, ftLastAccessTime.dwLowDateTime=0xc9925eb0, ftLastAccessTime.dwHighDateTime=0x1d6ddcf, ftLastWriteTime.dwLowDateTime=0xc9925eb0, ftLastWriteTime.dwHighDateTime=0x1d6ddcf, nFileSizeHigh=0x0, nFileSizeLow=0xd303)) returned 1 [0095.228] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12883180*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12883180*, lpNumberOfCharsWritten=0x12831848*=0x3b) returned 1 [0095.251] SetEvent (hEvent=0x20c) returned 1 [0095.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\90gb-.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x408fb5d0, ftCreationTime.dwHighDateTime=0x1d68a38, ftLastAccessTime.dwLowDateTime=0xcf624a20, ftLastAccessTime.dwHighDateTime=0x1d6969f, ftLastWriteTime.dwLowDateTime=0xcf624a20, ftLastWriteTime.dwHighDateTime=0x1d6969f, nFileSizeHigh=0x0, nFileSizeLow=0xc3d2)) returned 1 [0095.251] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a7810*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a7810*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0095.270] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cdd3f0, ftCreationTime.dwHighDateTime=0x1d704fa, ftLastAccessTime.dwLowDateTime=0x43bb1e70, ftLastAccessTime.dwHighDateTime=0x1d70927, ftLastWriteTime.dwLowDateTime=0x43bb1e70, ftLastWriteTime.dwHighDateTime=0x1d70927, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0095.270] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0095.270] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cdd3f0, ftCreationTime.dwHighDateTime=0x1d704fa, ftLastAccessTime.dwLowDateTime=0x43bb1e70, ftLastAccessTime.dwHighDateTime=0x1d70927, ftLastWriteTime.dwLowDateTime=0x43bb1e70, ftLastWriteTime.dwHighDateTime=0x1d70927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0095.270] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf9cdd3f0, ftCreationTime.dwHighDateTime=0x1d704fa, ftLastAccessTime.dwLowDateTime=0x43bb1e70, ftLastAccessTime.dwHighDateTime=0x1d70927, ftLastWriteTime.dwLowDateTime=0x43bb1e70, ftLastWriteTime.dwHighDateTime=0x1d70927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.270] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6cc9e230, ftCreationTime.dwHighDateTime=0x1d701b4, ftLastAccessTime.dwLowDateTime=0xf4bfad50, ftLastAccessTime.dwHighDateTime=0x1d709fc, ftLastWriteTime.dwLowDateTime=0xf4bfad50, ftLastWriteTime.dwHighDateTime=0x1d709fc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0T-Vkj2", cAlternateFileName="")) returned 1 [0095.270] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0cdfc40, ftCreationTime.dwHighDateTime=0x1d6ff0a, ftLastAccessTime.dwLowDateTime=0x69ab7950, ftLastAccessTime.dwHighDateTime=0x1d70363, ftLastWriteTime.dwLowDateTime=0x69ab7950, ftLastWriteTime.dwHighDateTime=0x1d70363, nFileSizeHigh=0x0, nFileSizeLow=0xfdbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="5m1S6Vhyy.xlsx", cAlternateFileName="5M1S6V~1.XLS")) returned 1 [0095.270] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8212f2f0, ftCreationTime.dwHighDateTime=0x1d6ff1e, ftLastAccessTime.dwLowDateTime=0xc805eb60, ftLastAccessTime.dwHighDateTime=0x1d6ff86, ftLastWriteTime.dwLowDateTime=0xc805eb60, ftLastWriteTime.dwHighDateTime=0x1d6ff86, nFileSizeHigh=0x0, nFileSizeLow=0x10ce9, dwReserved0=0x0, dwReserved1=0x0, cFileName="byAxU_QdeSYuBunRt.csv", cAlternateFileName="BYAXU_~1.CSV")) returned 1 [0095.270] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3324d400, ftCreationTime.dwHighDateTime=0x1d709d3, ftLastAccessTime.dwLowDateTime=0x9d2fc2f0, ftLastAccessTime.dwHighDateTime=0x1d70a0b, ftLastWriteTime.dwLowDateTime=0x9d2fc2f0, ftLastWriteTime.dwHighDateTime=0x1d70a0b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="N4v2AJonjYIfePu-5ySR", cAlternateFileName="N4V2AJ~1")) returned 1 [0095.271] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf47ed280, ftCreationTime.dwHighDateTime=0x1d700e2, ftLastAccessTime.dwLowDateTime=0x44157a50, ftLastAccessTime.dwHighDateTime=0x1d7030f, ftLastWriteTime.dwLowDateTime=0x44157a50, ftLastWriteTime.dwHighDateTime=0x1d7030f, nFileSizeHigh=0x0, nFileSizeLow=0x13b09, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk0z.xlsx", cAlternateFileName="UK0Z~1.XLS")) returned 1 [0095.271] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26a2f180, ftCreationTime.dwHighDateTime=0x1d6faf6, ftLastAccessTime.dwLowDateTime=0x51660e0, ftLastAccessTime.dwHighDateTime=0x1d6fcd3, ftLastWriteTime.dwLowDateTime=0x51660e0, ftLastWriteTime.dwHighDateTime=0x1d6fcd3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_dteD", cAlternateFileName="")) returned 1 [0095.271] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.271] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0095.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.271] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0095.271] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.271] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0095.271] GetFileType (hFile=0x304) returned 0x1 [0095.271] WriteFile (in: hFile=0x304, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0095.272] CloseHandle (hObject=0x304) returned 1 [0095.272] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6cc9e230, ftCreationTime.dwHighDateTime=0x1d701b4, ftLastAccessTime.dwLowDateTime=0xf4bfad50, ftLastAccessTime.dwHighDateTime=0x1d709fc, ftLastWriteTime.dwLowDateTime=0xf4bfad50, ftLastWriteTime.dwHighDateTime=0x1d709fc, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0095.272] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0095.273] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6cc9e230, ftCreationTime.dwHighDateTime=0x1d701b4, ftLastAccessTime.dwLowDateTime=0xf4bfad50, ftLastAccessTime.dwHighDateTime=0x1d709fc, ftLastWriteTime.dwLowDateTime=0xf4bfad50, ftLastWriteTime.dwHighDateTime=0x1d709fc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6cc9e230, ftCreationTime.dwHighDateTime=0x1d701b4, ftLastAccessTime.dwLowDateTime=0xf4bfad50, ftLastAccessTime.dwHighDateTime=0x1d709fc, ftLastWriteTime.dwLowDateTime=0xf4bfad50, ftLastWriteTime.dwHighDateTime=0x1d709fc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee973cb0, ftCreationTime.dwHighDateTime=0x1d6fd9d, ftLastAccessTime.dwLowDateTime=0xbf21a8e0, ftLastAccessTime.dwHighDateTime=0x1d7056c, ftLastWriteTime.dwLowDateTime=0xbf21a8e0, ftLastWriteTime.dwHighDateTime=0x1d7056c, nFileSizeHigh=0x0, nFileSizeLow=0x2fe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="-hL1jdjMmVRK1ZFL0_5B.docx", cAlternateFileName="-HL1JD~1.DOC")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5a7ab30, ftCreationTime.dwHighDateTime=0x1d707f9, ftLastAccessTime.dwLowDateTime=0x7bc47810, ftLastAccessTime.dwHighDateTime=0x1d70a4a, ftLastWriteTime.dwLowDateTime=0x7bc47810, ftLastWriteTime.dwHighDateTime=0x1d70a4a, nFileSizeHigh=0x0, nFileSizeLow=0x13048, dwReserved0=0x0, dwReserved1=0x0, cFileName="-JZ ca6GvEB8.xlsx", cAlternateFileName="-JZCA6~1.XLS")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x314560c0, ftCreationTime.dwHighDateTime=0x1d70611, ftLastAccessTime.dwLowDateTime=0xc956320, ftLastAccessTime.dwHighDateTime=0x1d707b9, ftLastWriteTime.dwLowDateTime=0xc956320, ftLastWriteTime.dwHighDateTime=0x1d707b9, nFileSizeHigh=0x0, nFileSizeLow=0xe146, dwReserved0=0x0, dwReserved1=0x0, cFileName="03GbZMlsTTv_yjD9Hjv.rtf", cAlternateFileName="03GBZM~1.RTF")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb0ce5b0, ftCreationTime.dwHighDateTime=0x1d703d2, ftLastAccessTime.dwLowDateTime=0xa2c74e0, ftLastAccessTime.dwHighDateTime=0x1d70776, ftLastWriteTime.dwLowDateTime=0xa2c74e0, ftLastWriteTime.dwHighDateTime=0x1d70776, nFileSizeHigh=0x0, nFileSizeLow=0x42d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CzW_XpqO6uC53L50.csv", cAlternateFileName="CZW_XP~1.CSV")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe97b97b0, ftCreationTime.dwHighDateTime=0x1d6fcf0, ftLastAccessTime.dwLowDateTime=0xd38fff30, ftLastAccessTime.dwHighDateTime=0x1d70485, ftLastWriteTime.dwLowDateTime=0xd38fff30, ftLastWriteTime.dwHighDateTime=0x1d70485, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kHLccXDGcWmzYVg9CD", cAlternateFileName="KHLCCX~1")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8d39c80, ftCreationTime.dwHighDateTime=0x1d7087d, ftLastAccessTime.dwLowDateTime=0xe14fdaa0, ftLastAccessTime.dwHighDateTime=0x1d708c7, ftLastWriteTime.dwLowDateTime=0xe14fdaa0, ftLastWriteTime.dwHighDateTime=0x1d708c7, nFileSizeHigh=0x0, nFileSizeLow=0xe72b, dwReserved0=0x0, dwReserved1=0x0, cFileName="m9rQ-Zp.xls", cAlternateFileName="")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecfbba50, ftCreationTime.dwHighDateTime=0x1d709c0, ftLastAccessTime.dwLowDateTime=0x84ebfee0, ftLastAccessTime.dwHighDateTime=0x1d70a27, ftLastWriteTime.dwLowDateTime=0x84ebfee0, ftLastWriteTime.dwHighDateTime=0x1d70a27, nFileSizeHigh=0x0, nFileSizeLow=0x7af5, dwReserved0=0x0, dwReserved1=0x0, cFileName="NJYrymxV9.xls", cAlternateFileName="NJYRYM~1.XLS")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70c6b3a0, ftCreationTime.dwHighDateTime=0x1d6fdd5, ftLastAccessTime.dwLowDateTime=0x76914940, ftLastAccessTime.dwHighDateTime=0x1d70022, ftLastWriteTime.dwLowDateTime=0x76914940, ftLastWriteTime.dwHighDateTime=0x1d70022, nFileSizeHigh=0x0, nFileSizeLow=0x15d93, dwReserved0=0x0, dwReserved1=0x0, cFileName="NvhgQY.xls", cAlternateFileName="")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5a6bf0, ftCreationTime.dwHighDateTime=0x1d7014d, ftLastAccessTime.dwLowDateTime=0x5899d4f0, ftLastAccessTime.dwHighDateTime=0x1d7079f, ftLastWriteTime.dwLowDateTime=0x5899d4f0, ftLastWriteTime.dwHighDateTime=0x1d7079f, nFileSizeHigh=0x0, nFileSizeLow=0x1707, dwReserved0=0x0, dwReserved1=0x0, cFileName="OsT7kWbXlqq8WJ.pps", cAlternateFileName="OST7KW~1.PPS")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae9b1a80, ftCreationTime.dwHighDateTime=0x1d6fbd3, ftLastAccessTime.dwLowDateTime=0xa1d8d230, ftLastAccessTime.dwHighDateTime=0x1d705e5, ftLastWriteTime.dwLowDateTime=0xa1d8d230, ftLastWriteTime.dwHighDateTime=0x1d705e5, nFileSizeHigh=0x0, nFileSizeLow=0xab2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="YYIkjg13SNtmwKdTH3.csv", cAlternateFileName="YYIKJG~1.CSV")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ecb8eb0, ftCreationTime.dwHighDateTime=0x1d70262, ftLastAccessTime.dwLowDateTime=0x3858da80, ftLastAccessTime.dwHighDateTime=0x1d704c3, ftLastWriteTime.dwLowDateTime=0x3858da80, ftLastWriteTime.dwHighDateTime=0x1d704c3, nFileSizeHigh=0x0, nFileSizeLow=0x10a7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="zZgXN8tXya.docx", cAlternateFileName="ZZGXN8~1.DOC")) returned 1 [0095.273] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.273] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0095.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.273] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0095.273] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.274] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0095.274] GetFileType (hFile=0x304) returned 0x1 [0095.274] WriteFile (in: hFile=0x304, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0095.275] CloseHandle (hObject=0x304) returned 1 [0095.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-jz ca6gveb8.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5a7ab30, ftCreationTime.dwHighDateTime=0x1d707f9, ftLastAccessTime.dwLowDateTime=0x7bc47810, ftLastAccessTime.dwHighDateTime=0x1d70a4a, ftLastWriteTime.dwLowDateTime=0x7bc47810, ftLastWriteTime.dwHighDateTime=0x1d70a4a, nFileSizeHigh=0x0, nFileSizeLow=0x13048)) returned 1 [0095.275] VirtualAlloc (lpAddress=0x12be4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12be4000 [0095.275] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12995ce0*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12995ce0*, lpNumberOfCharsWritten=0x12831778*=0x54) returned 1 [0095.317] VirtualAlloc (lpAddress=0x12c48000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c48000 [0095.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-hl1jdjmmvrk1zfl0_5b.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee973cb0, ftCreationTime.dwHighDateTime=0x1d6fd9d, ftLastAccessTime.dwLowDateTime=0xbf21a8e0, ftLastAccessTime.dwHighDateTime=0x1d7056c, ftLastWriteTime.dwLowDateTime=0xbf21a8e0, ftLastWriteTime.dwHighDateTime=0x1d7056c, nFileSizeHigh=0x0, nFileSizeLow=0x2fe4)) returned 1 [0095.318] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1286a9c0*, nNumberOfCharsToWrite=0x5c, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x1286a9c0*, lpNumberOfCharsWritten=0x12831778*=0x5c) returned 1 [0095.339] SetEvent (hEvent=0x218) returned 1 [0095.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\03gbzmlsttv_yjd9hjv.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x314560c0, ftCreationTime.dwHighDateTime=0x1d70611, ftLastAccessTime.dwLowDateTime=0xc956320, ftLastAccessTime.dwHighDateTime=0x1d707b9, ftLastWriteTime.dwLowDateTime=0xc956320, ftLastWriteTime.dwHighDateTime=0x1d707b9, nFileSizeHigh=0x0, nFileSizeLow=0xe146)) returned 1 [0095.340] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1286aa80*, nNumberOfCharsToWrite=0x5a, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x1286aa80*, lpNumberOfCharsWritten=0x12831778*=0x5a) returned 1 [0095.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\czw_xpqo6uc53l50.csv"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb0ce5b0, ftCreationTime.dwHighDateTime=0x1d703d2, ftLastAccessTime.dwLowDateTime=0xa2c74e0, ftLastAccessTime.dwHighDateTime=0x1d70776, ftLastWriteTime.dwLowDateTime=0xa2c74e0, ftLastWriteTime.dwHighDateTime=0x1d70776, nFileSizeHigh=0x0, nFileSizeLow=0x42d2)) returned 1 [0095.357] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c32790*, nNumberOfCharsToWrite=0x57, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12c32790*, lpNumberOfCharsWritten=0x12831778*=0x57) returned 1 [0095.380] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\njyrymxv9.xls"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecfbba50, ftCreationTime.dwHighDateTime=0x1d709c0, ftLastAccessTime.dwLowDateTime=0x84ebfee0, ftLastAccessTime.dwHighDateTime=0x1d70a27, ftLastWriteTime.dwLowDateTime=0x84ebfee0, ftLastWriteTime.dwHighDateTime=0x1d70a27, nFileSizeHigh=0x0, nFileSizeLow=0x7af5)) returned 1 [0095.380] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12932320*, nNumberOfCharsToWrite=0x50, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12932320*, lpNumberOfCharsWritten=0x12831778*=0x50) returned 1 [0095.393] SetEvent (hEvent=0x2b4) returned 1 [0095.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\nvhgqy.xls"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70c6b3a0, ftCreationTime.dwHighDateTime=0x1d6fdd5, ftLastAccessTime.dwLowDateTime=0x76914940, ftLastAccessTime.dwHighDateTime=0x1d70022, ftLastWriteTime.dwLowDateTime=0x76914940, ftLastWriteTime.dwHighDateTime=0x1d70022, nFileSizeHigh=0x0, nFileSizeLow=0x15d93)) returned 1 [0095.393] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129323c0*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129323c0*, lpNumberOfCharsWritten=0x12831778*=0x4d) returned 1 [0095.409] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\ost7kwbxlqq8wj.pps"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5a6bf0, ftCreationTime.dwHighDateTime=0x1d7014d, ftLastAccessTime.dwLowDateTime=0x5899d4f0, ftLastAccessTime.dwHighDateTime=0x1d7079f, ftLastWriteTime.dwLowDateTime=0x5899d4f0, ftLastWriteTime.dwHighDateTime=0x1d7079f, nFileSizeHigh=0x0, nFileSizeLow=0x1707)) returned 1 [0095.409] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12945e40*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12945e40*, lpNumberOfCharsWritten=0x12831778*=0x54) returned 1 [0095.426] VirtualAlloc (lpAddress=0x12ca2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ca2000 [0095.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\ost7kwbxlqq8wj.pps"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae5a6bf0, ftCreationTime.dwHighDateTime=0x1d7014d, ftLastAccessTime.dwLowDateTime=0x5899d4f0, ftLastAccessTime.dwHighDateTime=0x1d7079f, ftLastWriteTime.dwLowDateTime=0x5899d4f0, ftLastWriteTime.dwHighDateTime=0x1d7079f, nFileSizeHigh=0x0, nFileSizeLow=0x1707)) returned 1 [0095.427] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\ost7kwbxlqq8wj.pps")) returned 0x20 [0095.427] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps", dwFileAttributes=0x20) returned 1 [0095.427] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\ost7kwbxlqq8wj.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0095.427] GetConsoleMode (in: hConsoleHandle=0x314, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.427] GetFileType (hFile=0x314) returned 0x1 [0095.427] GetFileType (hFile=0x314) returned 0x1 [0095.427] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.427] ReadFile (in: hFile=0x314, lpBuffer=0x12900c7c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x12900c7c*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.427] SystemFunction036 (in: RandomBuffer=0x12c90848, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90848) returned 1 [0095.427] SystemFunction036 (in: RandomBuffer=0x12c90858, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90858) returned 1 [0095.427] VirtualAlloc (lpAddress=0x12ca4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ca4000 [0095.428] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1290e600*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x12859a78, lpReserved=0x0 | out: lpBuffer=0x1290e600*, lpNumberOfCharsWritten=0x12859a78*=0xa) returned 1 [0095.441] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f998, ulCount=0x10, ulNumEntriesRemoved=0x19f980, dwMilliseconds=0x3e8, fAlertable=0 | out: lpCompletionPortEntries=0x19f998, ulNumEntriesRemoved=0x19f980) returned 1 [0095.609] SetEvent (hEvent=0x20c) returned 1 [0095.609] VirtualAlloc (lpAddress=0x12c60000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c60000 [0095.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\m9rq-zp.xls"), fInfoLevelId=0x0, lpFileInformation=0x12d85c44 | out: lpFileInformation=0x12d85c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8d39c80, ftCreationTime.dwHighDateTime=0x1d7087d, ftLastAccessTime.dwLowDateTime=0xe14fdaa0, ftLastAccessTime.dwHighDateTime=0x1d708c7, ftLastWriteTime.dwLowDateTime=0xe14fdaa0, ftLastWriteTime.dwHighDateTime=0x1d708c7, nFileSizeHigh=0x0, nFileSizeLow=0xe72b)) returned 1 [0095.609] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\m9rq-zp.xls")) returned 0x20 [0095.610] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls", dwFileAttributes=0x20) returned 1 [0095.610] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\m9rq-zp.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.610] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12d85e88 | out: lpMode=0x12d85e88) returned 0 [0095.610] GetFileType (hFile=0x310) returned 0x1 [0095.610] GetFileType (hFile=0x310) returned 0x1 [0095.610] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.610] ReadFile (in: hFile=0x310, lpBuffer=0x12900004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d85d14, lpOverlapped=0x0 | out: lpBuffer=0x12900004*, lpNumberOfBytesRead=0x12d85d14*=0x4, lpOverlapped=0x0) returned 1 [0095.610] SystemFunction036 (in: RandomBuffer=0x12c90118, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90118) returned 1 [0095.610] SystemFunction036 (in: RandomBuffer=0x12c90128, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90128) returned 1 [0095.610] VirtualAlloc (lpAddress=0x12c62000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c62000 [0095.611] VirtualAlloc (lpAddress=0x12c66000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c66000 [0095.611] VirtualAlloc (lpAddress=0x12c68000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c68000 [0095.611] VirtualAlloc (lpAddress=0x12c6a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c6a000 [0095.612] GetFileType (hFile=0x310) returned 0x1 [0095.612] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.612] ReadFile (in: hFile=0x310, lpBuffer=0x12c62000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d85e80, lpOverlapped=0x0 | out: lpBuffer=0x12c62000*, lpNumberOfBytesRead=0x12d85e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.612] VirtualAlloc (lpAddress=0x12c6c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c6c000 [0095.612] GetFileType (hFile=0x310) returned 0x1 [0095.612] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.612] WriteFile (in: hFile=0x310, lpBuffer=0x12c6c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d85e78, lpOverlapped=0x0 | out: lpBuffer=0x12c6c000*, lpNumberOfBytesWritten=0x12d85e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.613] GetFileType (hFile=0x310) returned 0x1 [0095.613] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.613] VirtualAlloc (lpAddress=0x12c70000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c70000 [0095.613] VirtualAlloc (lpAddress=0x12c72000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c72000 [0095.613] SystemFunction036 (in: RandomBuffer=0x12c72001, RandomBufferLength=0x40 | out: RandomBuffer=0x12c72001) returned 1 [0095.613] VirtualAlloc (lpAddress=0x12c74000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c74000 [0095.614] VirtualAlloc (lpAddress=0x12c76000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c76000 [0095.615] WriteFile (in: hFile=0x310, lpBuffer=0x12900060*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x12900060*, lpNumberOfBytesWritten=0x12d85d88*=0x4, lpOverlapped=0x0) returned 1 [0095.615] WriteFile (in: hFile=0x310, lpBuffer=0x12c72100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x12c72100*, lpNumberOfBytesWritten=0x12d85d88*=0x100, lpOverlapped=0x0) returned 1 [0095.615] CloseHandle (hObject=0x310) returned 1 [0095.617] VirtualAlloc (lpAddress=0x12c7a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c7a000 [0095.618] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\m9rq-zp.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\m9rq-zp.xls.crypted"), dwFlags=0x1) returned 1 [0095.618] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\m9rq-zp.xls")) returned 0xffffffff [0095.618] VirtualFree (lpAddress=0x12d00000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.619] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f998, ulCount=0x10, ulNumEntriesRemoved=0x19f980, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x19f998, ulNumEntriesRemoved=0x19f980) returned 0 [0095.640] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f998, ulCount=0x10, ulNumEntriesRemoved=0x19f980, dwMilliseconds=0x19, fAlertable=0 | out: lpCompletionPortEntries=0x19f998, ulNumEntriesRemoved=0x19f980) returned 0 [0095.693] VirtualFree (lpAddress=0x12c9c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\0hs-m8anet_.csv"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fe64510, ftCreationTime.dwHighDateTime=0x1d6ff8b, ftLastAccessTime.dwLowDateTime=0x65dda440, ftLastAccessTime.dwHighDateTime=0x1d705db, ftLastWriteTime.dwLowDateTime=0x65dda440, ftLastWriteTime.dwHighDateTime=0x1d705db, nFileSizeHigh=0x0, nFileSizeLow=0xb5dd)) returned 1 [0095.693] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\0hs-m8anet_.csv")) returned 0x20 [0095.693] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv", dwFileAttributes=0x20) returned 1 [0095.694] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\0hs-m8anet_.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.694] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0095.694] GetFileType (hFile=0x310) returned 0x1 [0095.694] GetFileType (hFile=0x310) returned 0x1 [0095.694] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.694] ReadFile (in: hFile=0x310, lpBuffer=0x1288a1f8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a1f8*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0095.694] SystemFunction036 (in: RandomBuffer=0x12d16f78, RandomBufferLength=0x10 | out: RandomBuffer=0x12d16f78) returned 1 [0095.694] SystemFunction036 (in: RandomBuffer=0x12d16f88, RandomBufferLength=0x10 | out: RandomBuffer=0x12d16f88) returned 1 [0095.695] VirtualAlloc (lpAddress=0x12db4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12db4000 [0095.695] GetFileType (hFile=0x310) returned 0x1 [0095.695] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.695] ReadFile (in: hFile=0x310, lpBuffer=0x12db4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12db4000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.695] VirtualAlloc (lpAddress=0x12db8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12db8000 [0095.696] GetFileType (hFile=0x310) returned 0x1 [0095.696] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.696] WriteFile (in: hFile=0x310, lpBuffer=0x12db8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12db8000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.696] GetFileType (hFile=0x310) returned 0x1 [0095.696] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.696] SystemFunction036 (in: RandomBuffer=0x12d9e601, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9e601) returned 1 [0095.697] WriteFile (in: hFile=0x310, lpBuffer=0x1288a254*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a254*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0095.697] WriteFile (in: hFile=0x310, lpBuffer=0x12d9e700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9e700*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0095.697] CloseHandle (hObject=0x310) returned 1 [0095.727] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\0hs-m8anet_.csv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\0hs-m8anet_.csv.crypted"), dwFlags=0x1) returned 1 [0095.728] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\0hs-m8anet_.csv")) returned 0xffffffff [0095.728] VirtualFree (lpAddress=0x12c9a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.728] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f998, ulCount=0x10, ulNumEntriesRemoved=0x19f980, dwMilliseconds=0x2, fAlertable=0 | out: lpCompletionPortEntries=0x19f998, ulNumEntriesRemoved=0x19f980) returned 0 [0095.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\3evmon uacg8az.doc"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x352e4110, ftCreationTime.dwHighDateTime=0x1d700ea, ftLastAccessTime.dwLowDateTime=0x8a0bf090, ftLastAccessTime.dwHighDateTime=0x1d708da, ftLastWriteTime.dwLowDateTime=0x8a0bf090, ftLastWriteTime.dwHighDateTime=0x1d708da, nFileSizeHigh=0x0, nFileSizeLow=0x926c)) returned 1 [0095.741] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\3evmon uacg8az.doc")) returned 0x20 [0095.741] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc", dwFileAttributes=0x20) returned 1 [0095.741] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\3evmon uacg8az.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.741] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.741] GetFileType (hFile=0x310) returned 0x1 [0095.741] GetFileType (hFile=0x310) returned 0x1 [0095.741] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.741] ReadFile (in: hFile=0x310, lpBuffer=0x1298e1f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e1f0*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.742] SystemFunction036 (in: RandomBuffer=0x12be4898, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4898) returned 1 [0095.742] SystemFunction036 (in: RandomBuffer=0x12be48a8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be48a8) returned 1 [0095.742] VirtualAlloc (lpAddress=0x12cd2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cd2000 [0095.742] GetFileType (hFile=0x310) returned 0x1 [0095.742] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.742] ReadFile (in: hFile=0x310, lpBuffer=0x12cd2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12cd2000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.742] VirtualAlloc (lpAddress=0x12cd6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cd6000 [0095.743] GetFileType (hFile=0x310) returned 0x1 [0095.743] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.743] WriteFile (in: hFile=0x310, lpBuffer=0x12cd6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12cd6000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.743] GetFileType (hFile=0x310) returned 0x1 [0095.743] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.743] SystemFunction036 (in: RandomBuffer=0x12b52f01, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52f01) returned 1 [0095.744] WriteFile (in: hFile=0x310, lpBuffer=0x1298e24c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e24c*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.744] WriteFile (in: hFile=0x310, lpBuffer=0x12b53000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12b53000*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.744] CloseHandle (hObject=0x310) returned 1 [0095.746] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\3evmon uacg8az.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\3evmon uacg8az.doc.crypted"), dwFlags=0x1) returned 1 [0095.747] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\3evmon uacg8az.doc")) returned 0xffffffff [0095.747] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f978, ulCount=0x10, ulNumEntriesRemoved=0x19f960, dwMilliseconds=0x20, fAlertable=0 | out: lpCompletionPortEntries=0x19f978, ulNumEntriesRemoved=0x19f960) returned 0 [0095.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\amrwouh.pdf"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f2fa4f0, ftCreationTime.dwHighDateTime=0x1d6fbf1, ftLastAccessTime.dwLowDateTime=0x193040c0, ftLastAccessTime.dwHighDateTime=0x1d7050f, ftLastWriteTime.dwLowDateTime=0x193040c0, ftLastWriteTime.dwHighDateTime=0x1d7050f, nFileSizeHigh=0x0, nFileSizeLow=0x6471)) returned 1 [0095.805] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\amrwouh.pdf")) returned 0x20 [0095.805] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf", dwFileAttributes=0x20) returned 1 [0095.806] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\amrwouh.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.806] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0095.806] GetFileType (hFile=0x310) returned 0x1 [0095.806] GetFileType (hFile=0x310) returned 0x1 [0095.806] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.806] ReadFile (in: hFile=0x310, lpBuffer=0x1288a2c0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a2c0*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0095.806] SystemFunction036 (in: RandomBuffer=0x12d171f8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d171f8) returned 1 [0095.806] SystemFunction036 (in: RandomBuffer=0x12d17208, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17208) returned 1 [0095.806] VirtualAlloc (lpAddress=0x12dc6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dc6000 [0095.807] GetFileType (hFile=0x310) returned 0x1 [0095.807] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.807] ReadFile (in: hFile=0x310, lpBuffer=0x12dc6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12dc6000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.807] VirtualAlloc (lpAddress=0x12dca000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dca000 [0095.808] GetFileType (hFile=0x310) returned 0x1 [0095.808] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.808] WriteFile (in: hFile=0x310, lpBuffer=0x12dca000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12dca000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.808] GetFileType (hFile=0x310) returned 0x1 [0095.808] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.808] SystemFunction036 (in: RandomBuffer=0x12d9ec01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9ec01) returned 1 [0095.809] VirtualAlloc (lpAddress=0x12dce000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dce000 [0095.809] WriteFile (in: hFile=0x310, lpBuffer=0x1288a31c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a31c*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0095.809] WriteFile (in: hFile=0x310, lpBuffer=0x12d9ed00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9ed00*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0095.809] CloseHandle (hObject=0x310) returned 1 [0095.811] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\amrwouh.pdf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\amrwouh.pdf.crypted"), dwFlags=0x1) returned 1 [0095.812] VirtualAlloc (lpAddress=0x12dd2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dd2000 [0095.812] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\amrwouh.pdf")) returned 0xffffffff [0095.812] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f978, ulCount=0x10, ulNumEntriesRemoved=0x19f960, dwMilliseconds=0x19, fAlertable=0 | out: lpCompletionPortEntries=0x19f978, ulNumEntriesRemoved=0x19f960) returned 0 [0095.870] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f978, ulCount=0x10, ulNumEntriesRemoved=0x19f960, dwMilliseconds=0x23, fAlertable=0 | out: lpCompletionPortEntries=0x19f978, ulNumEntriesRemoved=0x19f960) returned 0 [0095.963] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x19f978, ulCount=0x10, ulNumEntriesRemoved=0x19f960, dwMilliseconds=0x5, fAlertable=0 | out: lpCompletionPortEntries=0x19f978, ulNumEntriesRemoved=0x19f960) returned 0 [0095.994] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.052] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.078] VirtualFree (lpAddress=0x12c88000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\byaxu_qdesyubunrt.csv"), fInfoLevelId=0x0, lpFileInformation=0x12a4dc44 | out: lpFileInformation=0x12a4dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8212f2f0, ftCreationTime.dwHighDateTime=0x1d6ff1e, ftLastAccessTime.dwLowDateTime=0xc805eb60, ftLastAccessTime.dwHighDateTime=0x1d6ff86, ftLastWriteTime.dwLowDateTime=0xc805eb60, ftLastWriteTime.dwHighDateTime=0x1d6ff86, nFileSizeHigh=0x0, nFileSizeLow=0x10ce9)) returned 1 [0096.079] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\byaxu_qdesyubunrt.csv")) returned 0x20 [0096.079] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv", dwFileAttributes=0x20) returned 1 [0096.079] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\byaxu_qdesyubunrt.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0096.080] GetConsoleMode (in: hConsoleHandle=0x2ac, lpMode=0x12a4de88 | out: lpMode=0x12a4de88) returned 0 [0096.080] GetFileType (hFile=0x2ac) returned 0x1 [0096.080] GetFileType (hFile=0x2ac) returned 0x1 [0096.080] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.080] ReadFile (in: hFile=0x2ac, lpBuffer=0x128103f4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4dd14, lpOverlapped=0x0 | out: lpBuffer=0x128103f4*, lpNumberOfBytesRead=0x12a4dd14*=0x4, lpOverlapped=0x0) returned 1 [0096.083] SystemFunction036 (in: RandomBuffer=0x12816f28, RandomBufferLength=0x10 | out: RandomBuffer=0x12816f28) returned 1 [0096.083] SystemFunction036 (in: RandomBuffer=0x12816f38, RandomBufferLength=0x10 | out: RandomBuffer=0x12816f38) returned 1 [0096.083] VirtualAlloc (lpAddress=0x12d58000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d58000 [0096.084] GetFileType (hFile=0x2ac) returned 0x1 [0096.084] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.084] ReadFile (in: hFile=0x2ac, lpBuffer=0x12d58000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12d58000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0096.084] VirtualAlloc (lpAddress=0x12d5c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d5c000 [0096.085] GetFileType (hFile=0x2ac) returned 0x1 [0096.085] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.085] WriteFile (in: hFile=0x2ac, lpBuffer=0x12d5c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12d5c000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0096.085] GetFileType (hFile=0x2ac) returned 0x1 [0096.085] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.085] SystemFunction036 (in: RandomBuffer=0x12a7ef01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7ef01) returned 1 [0096.085] VirtualAlloc (lpAddress=0x12d60000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d60000 [0096.086] WriteFile (in: hFile=0x2ac, lpBuffer=0x12810450*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12810450*, lpNumberOfBytesWritten=0x12a4dd88*=0x4, lpOverlapped=0x0) returned 1 [0096.086] WriteFile (in: hFile=0x2ac, lpBuffer=0x12a7f000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7f000*, lpNumberOfBytesWritten=0x12a4dd88*=0x100, lpOverlapped=0x0) returned 1 [0096.086] CloseHandle (hObject=0x2ac) returned 1 [0096.088] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\byaxu_qdesyubunrt.csv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\byaxu_qdesyubunrt.csv.crypted"), dwFlags=0x1) returned 1 [0096.089] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\byaxu_qdesyubunrt.csv")) returned 0xffffffff [0096.089] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.134] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.147] SetEvent (hEvent=0x2ac) returned 1 [0096.147] SetEvent (hEvent=0x2ec) returned 1 [0096.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\hzh9zrmusr.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12a6fc44 | out: lpFileInformation=0x12a6fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x626730a0, ftCreationTime.dwHighDateTime=0x1d68e86, ftLastAccessTime.dwLowDateTime=0x1eff9a10, ftLastAccessTime.dwHighDateTime=0x1d6ef2e, ftLastWriteTime.dwLowDateTime=0x1eff9a10, ftLastWriteTime.dwHighDateTime=0x1d6ef2e, nFileSizeHigh=0x0, nFileSizeLow=0xdd0d)) returned 1 [0096.147] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\hzh9zrmusr.pptx")) returned 0x20 [0096.147] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx", dwFileAttributes=0x20) returned 1 [0096.147] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\hzh9zrmusr.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.148] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12a6fe88 | out: lpMode=0x12a6fe88) returned 0 [0096.148] GetFileType (hFile=0x308) returned 0x1 [0096.148] GetFileType (hFile=0x308) returned 0x1 [0096.148] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.148] ReadFile (in: hFile=0x308, lpBuffer=0x129001a8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6fd14, lpOverlapped=0x0 | out: lpBuffer=0x129001a8*, lpNumberOfBytesRead=0x12a6fd14*=0x4, lpOverlapped=0x0) returned 1 [0096.148] SystemFunction036 (in: RandomBuffer=0x12c90ca8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90ca8) returned 1 [0096.148] SystemFunction036 (in: RandomBuffer=0x12c90cb8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90cb8) returned 1 [0096.148] GetFileType (hFile=0x308) returned 0x1 [0096.148] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.148] ReadFile (in: hFile=0x308, lpBuffer=0x12938000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6fe80, lpOverlapped=0x0 | out: lpBuffer=0x12938000*, lpNumberOfBytesRead=0x12a6fe80*=0x4000, lpOverlapped=0x0) returned 1 [0096.148] GetFileType (hFile=0x308) returned 0x1 [0096.148] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.148] WriteFile (in: hFile=0x308, lpBuffer=0x12944000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6fe78, lpOverlapped=0x0 | out: lpBuffer=0x12944000*, lpNumberOfBytesWritten=0x12a6fe78*=0x4000, lpOverlapped=0x0) returned 1 [0096.149] GetFileType (hFile=0x308) returned 0x1 [0096.149] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.149] SystemFunction036 (in: RandomBuffer=0x12c72c01, RandomBufferLength=0x40 | out: RandomBuffer=0x12c72c01) returned 1 [0096.149] WriteFile (in: hFile=0x308, lpBuffer=0x12900204*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900204*, lpNumberOfBytesWritten=0x12a6fd88*=0x4, lpOverlapped=0x0) returned 1 [0096.149] WriteFile (in: hFile=0x308, lpBuffer=0x12c72d00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12c72d00*, lpNumberOfBytesWritten=0x12a6fd88*=0x100, lpOverlapped=0x0) returned 1 [0096.149] CloseHandle (hObject=0x308) returned 1 [0096.153] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\hzh9zrmusr.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\hzh9zrmusr.pptx.crypted"), dwFlags=0x1) returned 1 [0096.154] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\hzh9zrmusr.pptx")) returned 0xffffffff [0096.154] VirtualFree (lpAddress=0x12c86000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.154] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.399] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.425] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.437] SetEvent (hEvent=0x2ec) returned 1 [0096.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qkkxpdxlhmxb7c.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77d71060, ftCreationTime.dwHighDateTime=0x1d7065c, ftLastAccessTime.dwLowDateTime=0x695d19e0, ftLastAccessTime.dwHighDateTime=0x1d70903, ftLastWriteTime.dwLowDateTime=0x695d19e0, ftLastWriteTime.dwHighDateTime=0x1d70903, nFileSizeHigh=0x0, nFileSizeLow=0x14006)) returned 1 [0096.438] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qkkxpdxlhmxb7c.xlsx")) returned 0x20 [0096.438] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx", dwFileAttributes=0x20) returned 1 [0096.438] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qkkxpdxlhmxb7c.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0096.438] GetConsoleMode (in: hConsoleHandle=0x224, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0096.438] GetFileType (hFile=0x224) returned 0x1 [0096.438] GetFileType (hFile=0x224) returned 0x1 [0096.438] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.439] ReadFile (in: hFile=0x224, lpBuffer=0x1281055c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x1281055c*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0096.439] SystemFunction036 (in: RandomBuffer=0x12817518, RandomBufferLength=0x10 | out: RandomBuffer=0x12817518) returned 1 [0096.439] SystemFunction036 (in: RandomBuffer=0x12817528, RandomBufferLength=0x10 | out: RandomBuffer=0x12817528) returned 1 [0096.439] GetFileType (hFile=0x224) returned 0x1 [0096.439] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.439] ReadFile (in: hFile=0x224, lpBuffer=0x12976000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12976000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0096.439] GetFileType (hFile=0x224) returned 0x1 [0096.439] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.439] WriteFile (in: hFile=0x224, lpBuffer=0x1297a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x1297a000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0096.440] GetFileType (hFile=0x224) returned 0x1 [0096.440] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x14000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.440] ReadFile (in: hFile=0x224, lpBuffer=0x12976000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12976000*, lpNumberOfBytesRead=0x12a1fe80*=0x6, lpOverlapped=0x0) returned 1 [0096.440] GetFileType (hFile=0x224) returned 0x1 [0096.440] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x14000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.440] WriteFile (in: hFile=0x224, lpBuffer=0x12810580*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12810580*, lpNumberOfBytesWritten=0x12a1fe78*=0x10, lpOverlapped=0x0) returned 1 [0096.440] GetFileType (hFile=0x224) returned 0x1 [0096.440] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.440] SystemFunction036 (in: RandomBuffer=0x12a7fb01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7fb01) returned 1 [0096.440] WriteFile (in: hFile=0x224, lpBuffer=0x128105c8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x128105c8*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0096.441] WriteFile (in: hFile=0x224, lpBuffer=0x12a7fc00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7fc00*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0096.441] CloseHandle (hObject=0x224) returned 1 [0096.443] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qkkxpdxlhmxb7c.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qkkxpdxlhmxb7c.xlsx.crypted"), dwFlags=0x1) returned 1 [0096.444] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qkkxpdxlhmxb7c.xlsx")) returned 0xffffffff [0096.444] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.506] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.523] SetEvent (hEvent=0x19c) returned 1 [0096.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xp-_l.docx"), fInfoLevelId=0x0, lpFileInformation=0x12a6fc44 | out: lpFileInformation=0x12a6fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deb7730, ftCreationTime.dwHighDateTime=0x1d69e64, ftLastAccessTime.dwLowDateTime=0xb301a290, ftLastAccessTime.dwHighDateTime=0x1d700ad, ftLastWriteTime.dwLowDateTime=0xb301a290, ftLastWriteTime.dwHighDateTime=0x1d700ad, nFileSizeHigh=0x0, nFileSizeLow=0x10ec8)) returned 1 [0096.524] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xp-_l.docx")) returned 0x20 [0096.524] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx", dwFileAttributes=0x20) returned 1 [0096.524] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xp-_l.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.524] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12a6fe88 | out: lpMode=0x12a6fe88) returned 0 [0096.524] GetFileType (hFile=0x228) returned 0x1 [0096.524] GetFileType (hFile=0x228) returned 0x1 [0096.524] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.524] ReadFile (in: hFile=0x228, lpBuffer=0x129002ec, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6fd14, lpOverlapped=0x0 | out: lpBuffer=0x129002ec*, lpNumberOfBytesRead=0x12a6fd14*=0x4, lpOverlapped=0x0) returned 1 [0096.525] SystemFunction036 (in: RandomBuffer=0x12c91068, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91068) returned 1 [0096.525] SystemFunction036 (in: RandomBuffer=0x12c91078, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91078) returned 1 [0096.525] GetFileType (hFile=0x228) returned 0x1 [0096.525] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.525] ReadFile (in: hFile=0x228, lpBuffer=0x12a80000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6fe80, lpOverlapped=0x0 | out: lpBuffer=0x12a80000*, lpNumberOfBytesRead=0x12a6fe80*=0x4000, lpOverlapped=0x0) returned 1 [0096.525] GetFileType (hFile=0x228) returned 0x1 [0096.525] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.525] WriteFile (in: hFile=0x228, lpBuffer=0x12a84000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6fe78, lpOverlapped=0x0 | out: lpBuffer=0x12a84000*, lpNumberOfBytesWritten=0x12a6fe78*=0x4000, lpOverlapped=0x0) returned 1 [0096.526] GetFileType (hFile=0x228) returned 0x1 [0096.526] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.526] SystemFunction036 (in: RandomBuffer=0x12c73601, RandomBufferLength=0x40 | out: RandomBuffer=0x12c73601) returned 1 [0096.526] WriteFile (in: hFile=0x228, lpBuffer=0x12900348*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900348*, lpNumberOfBytesWritten=0x12a6fd88*=0x4, lpOverlapped=0x0) returned 1 [0096.526] WriteFile (in: hFile=0x228, lpBuffer=0x12c73700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12c73700*, lpNumberOfBytesWritten=0x12a6fd88*=0x100, lpOverlapped=0x0) returned 1 [0096.526] CloseHandle (hObject=0x228) returned 1 [0096.530] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xp-_l.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xp-_l.docx.crypted"), dwFlags=0x1) returned 1 [0096.531] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xp-_l.docx")) returned 0xffffffff [0096.531] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0x9b8 Thread: id = 7 os_tid = 0x1030 [0092.363] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x125eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x125eff28*=0x104) returned 1 [0092.363] VirtualQuery (in: lpAddress=0x125eff38, lpBuffer=0x125eff38, dwLength=0x1c | out: lpBuffer=0x125eff38*(BaseAddress=0x125ef000, AllocationBase=0x124f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0092.363] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.388] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.397] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.399] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.408] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.723] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.819] SetEvent (hEvent=0x144) returned 1 [0092.819] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.834] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.837] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.894] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0092.895] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.902] SetEvent (hEvent=0x10c) returned 1 [0092.902] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.967] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.973] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0092.982] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.007] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.017] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.033] SetEvent (hEvent=0x150) returned 1 [0093.033] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.078] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.089] SetEvent (hEvent=0x150) returned 1 [0093.089] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.104] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.125] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.128] SetEvent (hEvent=0x144) returned 1 [0093.129] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.133] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.139] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.141] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.143] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.145] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.149] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.151] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.159] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.166] SetEvent (hEvent=0x144) returned 1 [0093.166] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.170] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.172] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.176] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.187] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.203] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.214] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.217] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.220] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.225] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.238] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.241] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.246] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.280] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.280] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x13c [0093.280] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x158 [0093.280] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.280] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.314] SetEvent (hEvent=0x150) returned 1 [0093.314] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.360] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.372] SetEvent (hEvent=0x150) returned 1 [0093.372] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.397] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.401] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.407] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.416] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.482] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.490] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.525] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.532] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.541] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.544] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.557] SetEvent (hEvent=0x150) returned 1 [0093.557] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.603] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.609] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.617] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282e900, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x164 [0093.618] CloseHandle (hObject=0x164) returned 1 [0093.618] VirtualAlloc (lpAddress=0x129aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129aa000 [0093.618] VirtualAlloc (lpAddress=0x129ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ac000 [0093.618] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aa000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x164 [0093.618] CloseHandle (hObject=0x164) returned 1 [0093.618] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.623] VirtualAlloc (lpAddress=0x1296e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1296e000 [0093.623] VirtualAlloc (lpAddress=0x12970000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12970000 [0093.623] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296e000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x164 [0093.624] CloseHandle (hObject=0x164) returned 1 [0093.624] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.626] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.636] SetEvent (hEvent=0x16c) returned 1 [0093.636] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.666] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282eb40, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x17c [0093.667] CloseHandle (hObject=0x17c) returned 1 [0093.667] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296e240, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x17c [0093.667] CloseHandle (hObject=0x17c) returned 1 [0093.667] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.733] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.817] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.840] SetEvent (hEvent=0x180) returned 1 [0093.840] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.873] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x128806c0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x190 [0093.874] CloseHandle (hObject=0x190) returned 1 [0093.874] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.894] SetEvent (hEvent=0x118) returned 1 [0093.894] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aa240, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x198 [0093.894] CloseHandle (hObject=0x198) returned 1 [0093.894] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.896] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.914] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0093.914] SetEvent (hEvent=0x118) returned 1 [0093.914] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.973] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0093.973] SetEvent (hEvent=0x19c) returned 1 [0093.973] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296e6c0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1b0 [0093.974] CloseHandle (hObject=0x1b0) returned 1 [0093.974] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.984] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0093.984] SetEvent (hEvent=0x19c) returned 1 [0093.984] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0093.997] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0093.997] SetEvent (hEvent=0x19c) returned 1 [0093.997] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296e900, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1c8 [0093.998] CloseHandle (hObject=0x1c8) returned 1 [0093.998] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.005] SetEvent (hEvent=0x19c) returned 1 [0094.005] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.014] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.014] SetEvent (hEvent=0x19c) returned 1 [0094.014] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.034] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.034] SetEvent (hEvent=0x1dc) returned 1 [0094.034] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.042] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282ed80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e8 [0094.043] CloseHandle (hObject=0x1e8) returned 1 [0094.043] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12880900, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e8 [0094.043] CloseHandle (hObject=0x1e8) returned 1 [0094.043] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296eb40, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e8 [0094.044] CloseHandle (hObject=0x1e8) returned 1 [0094.044] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aa480, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e8 [0094.044] CloseHandle (hObject=0x1e8) returned 1 [0094.044] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.080] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.080] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.083] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.095] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.096] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.110] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.110] SetEvent (hEvent=0x1f8) returned 1 [0094.110] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.113] SetEvent (hEvent=0x1ec) returned 1 [0094.113] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.127] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.127] SetEvent (hEvent=0x20c) returned 1 [0094.127] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.136] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.139] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.139] SetEvent (hEvent=0x218) returned 1 [0094.139] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.147] SetEvent (hEvent=0x218) returned 1 [0094.147] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.159] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.159] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aa6c0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x228 [0094.160] CloseHandle (hObject=0x228) returned 1 [0094.160] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.176] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0094.176] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282efc0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x22c [0094.176] CloseHandle (hObject=0x22c) returned 1 [0094.176] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.184] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.186] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.190] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.196] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x3ce) returned 0x0 [0094.218] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.218] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.220] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.220] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x3b6) returned 0x0 [0094.228] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.228] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.275] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.290] SetEvent (hEvent=0x234) returned 1 [0094.290] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.319] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.332] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aa900, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x244 [0094.332] CloseHandle (hObject=0x244) returned 1 [0094.333] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.351] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12880d80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x248 [0094.352] CloseHandle (hObject=0x248) returned 1 [0094.352] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.355] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.371] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.384] SetEvent (hEvent=0x24c) returned 1 [0094.384] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.401] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12880fc0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x258 [0094.401] CloseHandle (hObject=0x258) returned 1 [0094.401] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.408] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.416] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.420] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.422] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.424] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.426] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.427] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.429] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.429] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x2e5) returned 0x0 [0094.437] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.437] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.439] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.439] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x2db) returned 0x0 [0094.446] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.446] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.448] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.448] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x2d2) returned 0x0 [0094.468] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.468] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.488] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.510] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.530] SetEvent (hEvent=0x150) returned 1 [0094.530] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.548] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.571] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.590] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.602] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aab40, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x28c [0094.603] CloseHandle (hObject=0x28c) returned 1 [0094.603] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.649] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12881440, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x294 [0094.649] CloseHandle (hObject=0x294) returned 1 [0094.649] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.665] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.674] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.676] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.679] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.680] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x1e9) returned 0x0 [0094.682] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.683] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.684] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.684] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x1e5) returned 0x0 [0094.687] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.687] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.740] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.740] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x1ad) returned 0x0 [0094.745] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.745] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.747] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x1a6) returned 0x0 [0094.753] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.753] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.754] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.754] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x19f) returned 0x0 [0094.757] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.758] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.769] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.777] SetEvent (hEvent=0x1d0) returned 1 [0094.777] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.812] SetEvent (hEvent=0x1d0) returned 1 [0094.812] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.815] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.827] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.852] SetEvent (hEvent=0x1b0) returned 1 [0094.852] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.866] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.879] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.904] SetEvent (hEvent=0x1b0) returned 1 [0094.905] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.958] SetEvent (hEvent=0x10c) returned 1 [0094.958] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.976] SetEvent (hEvent=0x180) returned 1 [0094.976] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0094.985] SetEvent (hEvent=0x180) returned 1 [0094.985] SetEvent (hEvent=0x298) returned 1 [0094.985] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.016] SetEvent (hEvent=0x190) returned 1 [0095.016] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.035] SetEvent (hEvent=0x1dc) returned 1 [0095.035] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.049] SetEvent (hEvent=0x1dc) returned 1 [0095.049] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aad80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2b0 [0095.049] CloseHandle (hObject=0x2b0) returned 1 [0095.050] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.078] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296efc0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2b0 [0095.079] CloseHandle (hObject=0x2b0) returned 1 [0095.079] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.082] SetEvent (hEvent=0x2b4) returned 1 [0095.082] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12881680, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x240 [0095.082] CloseHandle (hObject=0x240) returned 1 [0095.082] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.084] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.098] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.109] SetEvent (hEvent=0x2cc) returned 1 [0095.109] SetEvent (hEvent=0x2b4) returned 1 [0095.109] SetEvent (hEvent=0x2bc) returned 1 [0095.109] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.120] SetEvent (hEvent=0x2b4) returned 1 [0095.120] SetEvent (hEvent=0x2cc) returned 1 [0095.120] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.141] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.153] SetEvent (hEvent=0x2b4) returned 1 [0095.153] SetEvent (hEvent=0x1f8) returned 1 [0095.153] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x129aafc0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2dc [0095.153] CloseHandle (hObject=0x2dc) returned 1 [0095.153] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.174] SetEvent (hEvent=0x2b4) returned 1 [0095.174] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.185] SetEvent (hEvent=0x2b4) returned 1 [0095.185] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.188] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.189] SetEvent (hEvent=0x2b4) returned 1 [0095.189] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.190] SetEvent (hEvent=0x2b4) returned 1 [0095.190] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.193] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.203] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.203] SetEvent (hEvent=0x2b4) returned 1 [0095.203] SetEvent (hEvent=0x218) returned 1 [0095.203] SetEvent (hEvent=0x20c) returned 1 [0095.203] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.226] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.226] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.245] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.245] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.258] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.259] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.285] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.285] SetEvent (hEvent=0x20c) returned 1 [0095.285] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.337] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.337] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.347] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.375] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.375] SetEvent (hEvent=0x218) returned 1 [0095.375] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.392] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.392] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.409] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.409] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.438] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0095.438] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.441] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.442] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.452] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.455] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.482] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x208, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x125efbcc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x125efbcc*=0x310) returned 1 [0095.482] SuspendThread (hThread=0x310) returned 0x0 [0095.482] GetThreadContext (in: hThread=0x310, lpContext=0x125efbe0 | out: lpContext=0x125efbe0*(ContextFlags=0x10001, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x33b2fe18, Eip=0x7783725c, SegCs=0x23, EFlags=0x206, Esp=0x33b2fc88, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0095.499] ResumeThread (hThread=0x310) returned 0x1 [0095.499] CloseHandle (hObject=0x310) returned 1 [0095.499] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.510] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.510] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x3a3) returned 0x0 [0095.519] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.519] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x208, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x125efbcc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x125efbcc*=0x310) returned 1 [0095.519] SuspendThread (hThread=0x310) returned 0x0 [0095.519] GetThreadContext (in: hThread=0x310, lpContext=0x125efbe0 | out: lpContext=0x125efbe0*(ContextFlags=0x10001, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x33b2fe28, Eip=0x7783725c, SegCs=0x23, EFlags=0x202, Esp=0x33b2fc98, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0095.556] ResumeThread (hThread=0x310) returned 0x1 [0095.556] CloseHandle (hObject=0x310) returned 1 [0095.556] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.580] SetEvent (hEvent=0x20c) returned 1 [0095.580] SetEvent (hEvent=0x200) returned 1 [0095.580] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.598] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.620] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.640] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.653] SetEvent (hEvent=0x2b4) returned 1 [0095.653] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.682] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.731] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.749] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.774] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.794] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.814] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.859] SetEvent (hEvent=0x200) returned 1 [0095.859] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.892] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.905] SetEvent (hEvent=0x200) returned 1 [0095.905] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.962] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0095.975] SetEvent (hEvent=0x200) returned 1 [0095.975] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.005] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.020] SetEvent (hEvent=0x2ec) returned 1 [0096.020] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.047] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.060] SetEvent (hEvent=0xfc) returned 1 [0096.060] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.089] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.104] SetEvent (hEvent=0x2ac) returned 1 [0096.104] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.133] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.143] SetEvent (hEvent=0x314) returned 1 [0096.143] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.171] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.184] SetEvent (hEvent=0x2ac) returned 1 [0096.184] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.207] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.221] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.233] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.261] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.281] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.324] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.348] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.366] SetEvent (hEvent=0x2ec) returned 1 [0096.366] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.399] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.422] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.437] SetEvent (hEvent=0x200) returned 1 [0096.437] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.467] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.478] SetEvent (hEvent=0x200) returned 1 [0096.478] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.506] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.523] SetEvent (hEvent=0x200) returned 1 [0096.523] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.555] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.571] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0096.571] SetEvent (hEvent=0x2ac) returned 1 [0096.571] SetEvent (hEvent=0x200) returned 1 [0096.571] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.608] SetEvent (hEvent=0x2ac) returned 1 [0096.608] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.629] SetEvent (hEvent=0x200) returned 1 [0096.629] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.654] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.667] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.746] SetEvent (hEvent=0x10c) returned 1 [0096.746] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.771] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.801] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.822] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.842] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.862] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.885] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.919] SetEvent (hEvent=0x190) returned 1 [0096.919] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.974] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0096.998] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.012] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.046] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.064] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.090] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.102] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x8) returned 0x0 [0097.114] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.126] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x1a8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x125efbcc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x125efbcc*=0x2fc) returned 1 [0097.126] SuspendThread (hThread=0x2fc) returned 0x0 [0097.126] GetThreadContext (in: hThread=0x2fc, lpContext=0x125efbe0 | out: lpContext=0x125efbe0*(ContextFlags=0x10001, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x334efe18, Eip=0x7783725c, SegCs=0x23, EFlags=0x206, Esp=0x334efc88, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0097.130] ResumeThread (hThread=0x2fc) returned 0x1 [0097.130] CloseHandle (hObject=0x2fc) returned 1 [0097.130] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.134] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x1a8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x125efbcc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x125efbcc*=0x2fc) returned 1 [0097.134] SuspendThread (hThread=0x2fc) returned 0x0 [0097.134] GetThreadContext (in: hThread=0x2fc, lpContext=0x125efbe0 | out: lpContext=0x125efbe0*(ContextFlags=0x10001, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x334efe28, Eip=0x7783725c, SegCs=0x23, EFlags=0x202, Esp=0x334efc98, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0097.164] ResumeThread (hThread=0x2fc) returned 0x1 [0097.164] CloseHandle (hObject=0x2fc) returned 1 [0097.164] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.196] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.208] SetEvent (hEvent=0x1e4) returned 1 [0097.208] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.242] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.258] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.276] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.299] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.316] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.333] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.357] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.384] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.403] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.419] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.437] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.458] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.501] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.522] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.540] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.559] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.577] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x31) returned 0x0 [0097.596] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.618] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x7) returned 0x0 [0097.627] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.652] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x125efaf4, ulCount=0x10, ulNumEntriesRemoved=0x125efadc, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x125efaf4, ulNumEntriesRemoved=0x125efadc) returned 0 [0097.652] SetEvent (hEvent=0x260) returned 1 [0097.652] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.653] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.656] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.657] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.660] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.661] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.673] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.685] SetEvent (hEvent=0x260) returned 1 [0097.685] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.732] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.749] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.757] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.759] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.764] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.765] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.767] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.776] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.818] SetEvent (hEvent=0x278) returned 1 [0097.818] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.840] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.851] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.868] SetEvent (hEvent=0x1e4) returned 1 [0097.868] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.893] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.903] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.919] SetEvent (hEvent=0x26c) returned 1 [0097.919] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.970] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0097.982] SetEvent (hEvent=0x1a4) returned 1 [0097.982] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0098.116] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0098.195] SetEvent (hEvent=0x278) returned 1 [0098.195] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0098.261] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0098.335] SetEvent (hEvent=0x260) returned 1 [0098.335] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0098.359] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0098.990] SetEvent (hEvent=0x260) returned 1 [0098.991] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.025] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.039] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.066] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.078] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.110] SetEvent (hEvent=0x278) returned 1 [0099.110] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.136] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.184] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.214] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.270] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.294] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.318] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.339] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.377] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.395] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.413] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.429] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.487] SetEvent (hEvent=0x278) returned 1 [0099.487] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.510] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.521] SetEvent (hEvent=0x278) returned 1 [0099.521] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.550] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.573] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.611] SetEvent (hEvent=0x1d0) returned 1 [0099.612] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.657] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.678] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.698] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.747] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.759] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.804] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.828] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.863] SetEvent (hEvent=0x278) returned 1 [0099.863] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x7) returned 0x102 [0099.902] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.902] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.908] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.911] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0099.950] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x8) returned 0x0 [0099.952] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x268, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x125efbcc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x125efbcc*=0x274) returned 1 [0099.952] SuspendThread (hThread=0x274) returned 0x0 [0099.952] GetThreadContext (in: hThread=0x274, lpContext=0x125efbe0 | out: lpContext=0x125efbe0*(ContextFlags=0x10001, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x0, Edx=0x0, Ecx=0x0, Eax=0x0, Ebp=0x347afe28, Eip=0x7783725c, SegCs=0x23, EFlags=0x202, Esp=0x347afc98, SegSs=0x2b, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0099.982] ResumeThread (hThread=0x274) returned 0x1 [0099.982] CloseHandle (hObject=0x274) returned 1 [0099.982] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.020] SetEvent (hEvent=0x26c) returned 1 [0100.020] SetEvent (hEvent=0x1a4) returned 1 [0100.020] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.052] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.085] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.111] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.134] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.159] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.199] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.217] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.264] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.278] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.295] SetEvent (hEvent=0x260) returned 1 [0100.295] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.349] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.370] SetEvent (hEvent=0x1a4) returned 1 [0100.370] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.395] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.422] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.440] SetEvent (hEvent=0x288) returned 1 [0100.440] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.450] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.471] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.513] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.518] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.543] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x10) returned 0x102 [0100.622] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x1f) returned 0x102 [0100.670] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.672] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.676] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.703] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.724] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0xa) returned 0x102 [0100.766] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.768] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.776] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.806] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.826] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.831] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.849] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x2b) returned 0x102 [0100.916] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0100.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x1a) returned 0x102 [0101.083] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0101.085] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x2b) returned 0x102 [0101.133] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0101.156] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x20) returned 0x102 [0101.225] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0101.229] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x2e) returned 0x102 [0101.279] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0101.323] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0xf) returned 0x102 [0101.370] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0101.372] WaitForMultipleObjects (nCount=0x2, lpHandles=0x125efeac*=0x13c, bWaitAll=0, dwMilliseconds=0x38) returned 0x102 [0101.449] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) returned 0x102 [0101.481] NtWaitForSingleObject (Object=0xffffffff, Alertable=0, Time=0x125efee8) Thread: id = 8 os_tid = 0x1034 [0092.395] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x126eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x126eff28*=0x108) returned 1 [0092.395] VirtualQuery (in: lpAddress=0x126eff38, lpBuffer=0x126eff38, dwLength=0x1c | out: lpBuffer=0x126eff38*(BaseAddress=0x126ef000, AllocationBase=0x125f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0092.396] VirtualAlloc (lpAddress=0x12880000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12880000 [0092.396] VirtualAlloc (lpAddress=0x12882000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12882000 [0092.396] VirtualAlloc (lpAddress=0x12884000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12884000 [0092.396] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12880000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10c [0092.397] CloseHandle (hObject=0x10c) returned 1 [0092.397] SetEvent (hEvent=0xfc) returned 1 [0092.397] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x10c [0092.397] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x110 [0092.397] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0092.967] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0092.982] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.044] SetEvent (hEvent=0x144) returned 1 [0093.044] VirtualAlloc (lpAddress=0x12912000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12912000 [0093.063] VirtualAlloc (lpAddress=0x1291a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1291a000 [0093.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users" (normalized: "c:\\users\\all users"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.064] CreateFileW (lpFileName="C:\\Users\\All Users" (normalized: "c:\\users\\all users"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x158 [0093.064] GetFileInformationByHandle (in: hFile=0x158, lpFileInformation=0x12917bd0 | out: lpFileInformation=0x12917bd0) returned 1 [0093.064] GetFileInformationByHandleEx (in: hFile=0x158, FileInformationClass=0x9, lpFileInformation=0x12917bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12917bc8) returned 1 [0093.064] CloseHandle (hObject=0x158) returned 1 [0093.065] GetFileAttributesW (lpFileName="C:\\Users\\All Users" (normalized: "c:\\users\\all users")) returned 0x2416 [0093.065] SetFileAttributesW (lpFileName="C:\\Users\\All Users", dwFileAttributes=0x2416) returned 1 [0093.065] CreateFileW (lpFileName="C:\\Users\\All Users" (normalized: "c:\\users\\all users"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0093.065] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*", lpFindFileData=0x12917b9c | out: lpFindFileData=0x12917b9c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xcb9c8f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x387f5bb4, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0x387f5bb4, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0093.065] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0093.065] VirtualAlloc (lpAddress=0x1291c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1291c000 [0093.066] GetFileAttributesW (lpFileName="C:\\Users\\All Users" (normalized: "c:\\users\\all users")) returned 0x2416 [0093.066] SetFileAttributesW (lpFileName="C:\\Users\\All Users", dwFileAttributes=0x2416) returned 1 [0093.066] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.103] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.133] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.141] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.170] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.186] SetEvent (hEvent=0x144) returned 1 [0093.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\NetHood" (normalized: "c:\\users\\default\\nethood"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.186] CreateFileW (lpFileName="C:\\Users\\Default\\NetHood" (normalized: "c:\\users\\default\\nethood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.203] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12833bd0 | out: lpFileInformation=0x12833bd0) returned 1 [0093.203] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12833bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12833bc8) returned 1 [0093.203] CloseHandle (hObject=0x13c) returned 1 [0093.203] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.216] SetEvent (hEvent=0x150) returned 1 [0093.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\SendTo" (normalized: "c:\\users\\default\\sendto"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.216] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo" (normalized: "c:\\users\\default\\sendto"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.216] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12833bd0 | out: lpFileInformation=0x12833bd0) returned 1 [0093.216] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12833bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12833bc8) returned 1 [0093.216] CloseHandle (hObject=0x13c) returned 1 [0093.216] GetFileAttributesW (lpFileName="C:\\Users\\Default\\SendTo" (normalized: "c:\\users\\default\\sendto")) returned 0x2416 [0093.216] SetFileAttributesW (lpFileName="C:\\Users\\Default\\SendTo", dwFileAttributes=0x2416) returned 1 [0093.217] CreateFileW (lpFileName="C:\\Users\\Default\\SendTo" (normalized: "c:\\users\\default\\sendto"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0093.217] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x12833b9c | out: lpFindFileData=0x12833b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0093.217] GetFileAttributesW (lpFileName="C:\\Users\\Default\\SendTo" (normalized: "c:\\users\\default\\sendto")) returned 0x2416 [0093.217] SetFileAttributesW (lpFileName="C:\\Users\\Default\\SendTo", dwFileAttributes=0x2417) returned 1 [0093.217] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.225] SetEvent (hEvent=0x144) returned 1 [0093.225] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Templates" (normalized: "c:\\users\\default\\templates"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.225] CreateFileW (lpFileName="C:\\Users\\Default\\Templates" (normalized: "c:\\users\\default\\templates"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x158 [0093.245] GetFileInformationByHandle (in: hFile=0x158, lpFileInformation=0x12833bd0 | out: lpFileInformation=0x12833bd0) returned 1 [0093.245] GetFileInformationByHandleEx (in: hFile=0x158, FileInformationClass=0x9, lpFileInformation=0x12833bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12833bc8) returned 1 [0093.246] CloseHandle (hObject=0x158) returned 1 [0093.246] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.314] SetEvent (hEvent=0x144) returned 1 [0093.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music" (normalized: "c:\\users\\public\\documents\\my music"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.314] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Music" (normalized: "c:\\users\\public\\documents\\my music"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x15c [0093.314] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12833bd0 | out: lpFileInformation=0x12833bd0) returned 1 [0093.314] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12833bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12833bc8) returned 1 [0093.314] CloseHandle (hObject=0x15c) returned 1 [0093.314] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.397] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.414] SetEvent (hEvent=0x150) returned 1 [0093.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3816851, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97421a72, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97421a72, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3e7)) returned 1 [0093.414] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms")) returned 0x20 [0093.415] SetFileAttributesW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", dwFileAttributes=0x20) returned 1 [0093.415] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.415] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12917e88 | out: lpMode=0x12917e88) returned 0 [0093.415] GetFileType (hFile=0x15c) returned 0x1 [0093.415] GetFileType (hFile=0x15c) returned 0x1 [0093.415] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.415] ReadFile (in: hFile=0x15c, lpBuffer=0x129003b0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12917d14, lpOverlapped=0x0 | out: lpBuffer=0x129003b0*, lpNumberOfBytesRead=0x12917d14*=0x4, lpOverlapped=0x0) returned 1 [0093.482] SystemFunction036 (in: RandomBuffer=0x12930708, RandomBufferLength=0x10 | out: RandomBuffer=0x12930708) returned 1 [0093.482] SystemFunction036 (in: RandomBuffer=0x12930718, RandomBufferLength=0x10 | out: RandomBuffer=0x12930718) returned 1 [0093.482] VirtualAlloc (lpAddress=0x12948000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12948000 [0093.482] VirtualAlloc (lpAddress=0x1294c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1294c000 [0093.483] GetFileType (hFile=0x15c) returned 0x1 [0093.483] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0093.483] ReadFile (in: hFile=0x15c, lpBuffer=0x12948000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12917e80, lpOverlapped=0x0 | out: lpBuffer=0x12948000*, lpNumberOfBytesRead=0x12917e80*=0x3e7, lpOverlapped=0x0) returned 1 [0093.483] VirtualAlloc (lpAddress=0x1294e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1294e000 [0093.483] GetFileType (hFile=0x15c) returned 0x1 [0093.483] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0093.483] WriteFile (in: hFile=0x15c, lpBuffer=0x1294e000*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0x12917e78, lpOverlapped=0x0 | out: lpBuffer=0x1294e000*, lpNumberOfBytesWritten=0x12917e78*=0x3f0, lpOverlapped=0x0) returned 1 [0093.484] GetFileType (hFile=0x15c) returned 0x1 [0093.484] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0093.484] VirtualAlloc (lpAddress=0x12950000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12950000 [0093.485] SystemFunction036 (in: RandomBuffer=0x12950001, RandomBufferLength=0x40 | out: RandomBuffer=0x12950001) returned 1 [0093.485] VirtualAlloc (lpAddress=0x12952000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12952000 [0093.485] VirtualAlloc (lpAddress=0x12954000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12954000 [0093.485] VirtualAlloc (lpAddress=0x12956000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12956000 [0093.486] VirtualAlloc (lpAddress=0x1295a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1295a000 [0093.486] WriteFile (in: hFile=0x15c, lpBuffer=0x1290040c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x1290040c*, lpNumberOfBytesWritten=0x12917d88*=0x4, lpOverlapped=0x0) returned 1 [0093.486] WriteFile (in: hFile=0x15c, lpBuffer=0x12950100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x12950100*, lpNumberOfBytesWritten=0x12917d88*=0x100, lpOverlapped=0x0) returned 1 [0093.486] CloseHandle (hObject=0x15c) returned 1 [0093.487] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.crypted" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.crypted"), dwFlags=0x1) returned 1 [0093.488] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms")) returned 0xffffffff [0093.488] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.523] SetEvent (hEvent=0x150) returned 1 [0093.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data" (normalized: "c:\\users\\rdhj0cnfevzx\\application data"), fInfoLevelId=0x0, lpFileInformation=0x12863c44 | out: lpFileInformation=0x12863c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.523] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data" (normalized: "c:\\users\\rdhj0cnfevzx\\application data"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x15c [0093.523] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12863bd0 | out: lpFileInformation=0x12863bd0) returned 1 [0093.524] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12863bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12863bc8) returned 1 [0093.524] CloseHandle (hObject=0x15c) returned 1 [0093.524] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data" (normalized: "c:\\users\\rdhj0cnfevzx\\application data")) returned 0x2416 [0093.524] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data", dwFileAttributes=0x2416) returned 1 [0093.524] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data" (normalized: "c:\\users\\rdhj0cnfevzx\\application data"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0093.524] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data\\*", lpFindFileData=0x12863b9c | out: lpFindFileData=0x12863b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0093.524] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data" (normalized: "c:\\users\\rdhj0cnfevzx\\application data")) returned 0x2416 [0093.524] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data", dwFileAttributes=0x2416) returned 1 [0093.525] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.541] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0093.557] SetEvent (hEvent=0x144) returned 1 [0093.557] VirtualAlloc (lpAddress=0x12878000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12878000 [0093.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1km6tnsaddf-jec.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12863c44 | out: lpFileInformation=0x12863c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58f3a570, ftCreationTime.dwHighDateTime=0x1d709a7, ftLastAccessTime.dwLowDateTime=0x9b013180, ftLastAccessTime.dwHighDateTime=0x1d709bb, ftLastWriteTime.dwLowDateTime=0x9b013180, ftLastWriteTime.dwHighDateTime=0x1d709bb, nFileSizeHigh=0x0, nFileSizeLow=0x2677)) returned 1 [0093.558] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1km6tnsaddf-jec.jpg")) returned 0x20 [0093.558] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg", dwFileAttributes=0x20) returned 1 [0093.558] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1km6tnsaddf-jec.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.558] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12863e88 | out: lpMode=0x12863e88) returned 0 [0093.558] GetFileType (hFile=0x15c) returned 0x1 [0093.558] GetFileType (hFile=0x15c) returned 0x1 [0093.558] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.559] ReadFile (in: hFile=0x15c, lpBuffer=0x128102c0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12863d14, lpOverlapped=0x0 | out: lpBuffer=0x128102c0*, lpNumberOfBytesRead=0x12863d14*=0x4, lpOverlapped=0x0) returned 1 [0093.559] SystemFunction036 (in: RandomBuffer=0x12816488, RandomBufferLength=0x10 | out: RandomBuffer=0x12816488) returned 1 [0093.559] SystemFunction036 (in: RandomBuffer=0x12816498, RandomBufferLength=0x10 | out: RandomBuffer=0x12816498) returned 1 [0093.559] VirtualAlloc (lpAddress=0x1287a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1287a000 [0093.559] GetFileType (hFile=0x15c) returned 0x1 [0093.559] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0093.559] ReadFile (in: hFile=0x15c, lpBuffer=0x1287a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12863e80, lpOverlapped=0x0 | out: lpBuffer=0x1287a000*, lpNumberOfBytesRead=0x12863e80*=0x2677, lpOverlapped=0x0) returned 1 [0093.559] VirtualAlloc (lpAddress=0x12a00000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a00000 [0093.560] GetFileType (hFile=0x15c) returned 0x1 [0093.560] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0093.560] WriteFile (in: hFile=0x15c, lpBuffer=0x12a00000*, nNumberOfBytesToWrite=0x2680, lpNumberOfBytesWritten=0x12863e78, lpOverlapped=0x0 | out: lpBuffer=0x12a00000*, lpNumberOfBytesWritten=0x12863e78*=0x2680, lpOverlapped=0x0) returned 1 [0093.560] GetFileType (hFile=0x15c) returned 0x1 [0093.560] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0093.561] VirtualAlloc (lpAddress=0x1287e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1287e000 [0093.561] SystemFunction036 (in: RandomBuffer=0x1287e001, RandomBufferLength=0x40 | out: RandomBuffer=0x1287e001) returned 1 [0093.561] VirtualAlloc (lpAddress=0x12a0a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a0a000 [0093.561] VirtualAlloc (lpAddress=0x12a0c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a0c000 [0093.561] VirtualAlloc (lpAddress=0x12a10000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a10000 [0093.564] WriteFile (in: hFile=0x15c, lpBuffer=0x1281031c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12863d88, lpOverlapped=0x0 | out: lpBuffer=0x1281031c*, lpNumberOfBytesWritten=0x12863d88*=0x4, lpOverlapped=0x0) returned 1 [0093.564] WriteFile (in: hFile=0x15c, lpBuffer=0x1287e100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12863d88, lpOverlapped=0x0 | out: lpBuffer=0x1287e100*, lpNumberOfBytesWritten=0x12863d88*=0x100, lpOverlapped=0x0) returned 1 [0093.564] CloseHandle (hObject=0x15c) returned 1 [0093.603] VirtualAlloc (lpAddress=0x12a12000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a12000 [0093.603] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1km6tnsaddf-jec.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1km6tnsaddf-jec.jpg.crypted"), dwFlags=0x1) returned 1 [0094.217] SetEvent (hEvent=0x13c) returned 1 [0094.217] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1Km6TnsAdDf-JeC.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1km6tnsaddf-jec.jpg")) returned 0xffffffff [0094.220] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0094.290] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12880b40, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x15c [0094.291] CloseHandle (hObject=0x15c) returned 1 [0094.291] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\aeqrz5sbzzhvu.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12b15c44 | out: lpFileInformation=0x12b15c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69a54cc0, ftCreationTime.dwHighDateTime=0x1d6fd9a, ftLastAccessTime.dwLowDateTime=0xd41ac2d0, ftLastAccessTime.dwHighDateTime=0x1d70892, ftLastWriteTime.dwLowDateTime=0xd41ac2d0, ftLastWriteTime.dwHighDateTime=0x1d70892, nFileSizeHigh=0x0, nFileSizeLow=0x82d5)) returned 1 [0094.291] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\aeqrz5sbzzhvu.bmp")) returned 0x20 [0094.291] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp", dwFileAttributes=0x20) returned 1 [0094.291] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\aeqrz5sbzzhvu.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0094.291] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12b15e88 | out: lpMode=0x12b15e88) returned 0 [0094.291] GetFileType (hFile=0x15c) returned 0x1 [0094.291] GetFileType (hFile=0x15c) returned 0x1 [0094.291] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.291] ReadFile (in: hFile=0x15c, lpBuffer=0x1288b3c4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b15d14, lpOverlapped=0x0 | out: lpBuffer=0x1288b3c4*, lpNumberOfBytesRead=0x12b15d14*=0x4, lpOverlapped=0x0) returned 1 [0094.292] SystemFunction036 (in: RandomBuffer=0x128cced8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cced8) returned 1 [0094.292] SystemFunction036 (in: RandomBuffer=0x128ccee8, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccee8) returned 1 [0094.292] VirtualAlloc (lpAddress=0x12b20000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b20000 [0094.292] GetFileType (hFile=0x15c) returned 0x1 [0094.292] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0094.292] ReadFile (in: hFile=0x15c, lpBuffer=0x12b20000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b15e80, lpOverlapped=0x0 | out: lpBuffer=0x12b20000*, lpNumberOfBytesRead=0x12b15e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.292] VirtualAlloc (lpAddress=0x12b24000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b24000 [0094.293] GetFileType (hFile=0x15c) returned 0x1 [0094.293] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0094.293] WriteFile (in: hFile=0x15c, lpBuffer=0x12b24000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b15e78, lpOverlapped=0x0 | out: lpBuffer=0x12b24000*, lpNumberOfBytesWritten=0x12b15e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.297] GetFileType (hFile=0x15c) returned 0x1 [0094.297] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0094.297] SystemFunction036 (in: RandomBuffer=0x128df501, RandomBufferLength=0x40 | out: RandomBuffer=0x128df501) returned 1 [0094.297] VirtualAlloc (lpAddress=0x12b28000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b28000 [0094.297] WriteFile (in: hFile=0x15c, lpBuffer=0x1288b420*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x1288b420*, lpNumberOfBytesWritten=0x12b15d88*=0x4, lpOverlapped=0x0) returned 1 [0094.298] WriteFile (in: hFile=0x15c, lpBuffer=0x128df600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x128df600*, lpNumberOfBytesWritten=0x12b15d88*=0x100, lpOverlapped=0x0) returned 1 [0094.298] CloseHandle (hObject=0x15c) returned 1 [0094.299] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\aeqrz5sbzzhvu.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\aeqrz5sbzzhvu.bmp.crypted"), dwFlags=0x1) returned 1 [0094.829] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\AEQRz5sBzZhVu.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\aeqrz5sbzzhvu.bmp")) returned 0xffffffff [0094.867] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0094.913] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0094.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nrv9wkb9.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68e09360, ftCreationTime.dwHighDateTime=0x1d7030f, ftLastAccessTime.dwLowDateTime=0xa97771a0, ftLastAccessTime.dwHighDateTime=0x1d7061b, ftLastWriteTime.dwLowDateTime=0xa97771a0, ftLastWriteTime.dwHighDateTime=0x1d7061b, nFileSizeHigh=0x0, nFileSizeLow=0x82d)) returned 1 [0094.971] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nrv9wkb9.mp3")) returned 0x20 [0094.971] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3", dwFileAttributes=0x20) returned 1 [0094.972] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nrv9wkb9.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0094.972] GetConsoleMode (in: hConsoleHandle=0x224, lpMode=0x12913e88 | out: lpMode=0x12913e88) returned 0 [0094.972] GetFileType (hFile=0x224) returned 0x1 [0094.972] GetFileType (hFile=0x224) returned 0x1 [0094.972] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.972] ReadFile (in: hFile=0x224, lpBuffer=0x12810730, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12913d14, lpOverlapped=0x0 | out: lpBuffer=0x12810730*, lpNumberOfBytesRead=0x12913d14*=0x4, lpOverlapped=0x0) returned 1 [0094.972] SystemFunction036 (in: RandomBuffer=0x12817518, RandomBufferLength=0x10 | out: RandomBuffer=0x12817518) returned 1 [0094.972] SystemFunction036 (in: RandomBuffer=0x12817528, RandomBufferLength=0x10 | out: RandomBuffer=0x12817528) returned 1 [0094.972] VirtualAlloc (lpAddress=0x12c18000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c18000 [0094.972] GetFileType (hFile=0x224) returned 0x1 [0094.972] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0094.973] ReadFile (in: hFile=0x224, lpBuffer=0x12c18000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12913e80, lpOverlapped=0x0 | out: lpBuffer=0x12c18000*, lpNumberOfBytesRead=0x12913e80*=0x82d, lpOverlapped=0x0) returned 1 [0094.973] VirtualAlloc (lpAddress=0x12c1c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c1c000 [0094.973] GetFileType (hFile=0x224) returned 0x1 [0094.973] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0094.973] WriteFile (in: hFile=0x224, lpBuffer=0x12c1c000*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0x12913e78, lpOverlapped=0x0 | out: lpBuffer=0x12c1c000*, lpNumberOfBytesWritten=0x12913e78*=0x830, lpOverlapped=0x0) returned 1 [0094.973] GetFileType (hFile=0x224) returned 0x1 [0094.973] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0094.974] SystemFunction036 (in: RandomBuffer=0x12a7e501, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7e501) returned 1 [0094.974] WriteFile (in: hFile=0x224, lpBuffer=0x1281078c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x1281078c*, lpNumberOfBytesWritten=0x12913d88*=0x4, lpOverlapped=0x0) returned 1 [0094.974] WriteFile (in: hFile=0x224, lpBuffer=0x12a7e600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x12a7e600*, lpNumberOfBytesWritten=0x12913d88*=0x100, lpOverlapped=0x0) returned 1 [0094.974] CloseHandle (hObject=0x224) returned 1 [0095.016] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nrv9wkb9.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nrv9wkb9.mp3.crypted"), dwFlags=0x1) returned 1 [0096.610] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0096.638] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\nRv9Wkb9.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nrv9wkb9.mp3")) returned 0xffffffff [0096.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.670] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x308 [0096.670] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0x12913bd0 | out: lpFileInformation=0x12913bd0) returned 1 [0096.671] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0x12913bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12913bc8) returned 1 [0096.671] CloseHandle (hObject=0x308) returned 1 [0096.671] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings")) returned 0x2416 [0096.671] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings", dwFileAttributes=0x2416) returned 1 [0096.671] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.671] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings\\*", lpFindFileData=0x12913b9c | out: lpFindFileData=0x12913b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0096.671] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings")) returned 0x2416 [0096.671] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings", dwFileAttributes=0x2416) returned 1 [0096.671] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0096.770] SetEvent (hEvent=0x180) returned 1 [0096.770] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) Thread: id = 9 os_tid = 0x1038 [0092.403] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x127eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x127eff28*=0x114) returned 1 [0092.403] VirtualQuery (in: lpAddress=0x127eff38, lpBuffer=0x127eff38, dwLength=0x1c | out: lpBuffer=0x127eff38*(BaseAddress=0x127ef000, AllocationBase=0x126f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0092.403] VirtualAlloc (lpAddress=0x1283a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1283a000 [0092.403] SetEvent (hEvent=0xfc) returned 1 [0092.403] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x118 [0092.404] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x11c [0092.404] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0092.834] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0092.895] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x127efa24, ulCount=0x10, ulNumEntriesRemoved=0x127efa0c, dwMilliseconds=0x3bc, fAlertable=0 | out: lpCompletionPortEntries=0x127efa24, ulNumEntriesRemoved=0x127efa0c) returned 0 [0093.887] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0093.896] SetEvent (hEvent=0xfc) returned 1 [0093.896] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0093.972] VirtualAlloc (lpAddress=0x129ce000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ce000 [0093.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\okumvv-ww9xg3 x7.wav"), fInfoLevelId=0x0, lpFileInformation=0x129d3c44 | out: lpFileInformation=0x129d3c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf64e85f0, ftCreationTime.dwHighDateTime=0x1d70994, ftLastAccessTime.dwLowDateTime=0xfbaf8cd0, ftLastAccessTime.dwHighDateTime=0x1d70a4b, ftLastWriteTime.dwLowDateTime=0xfbaf8cd0, ftLastWriteTime.dwHighDateTime=0x1d70a4b, nFileSizeHigh=0x0, nFileSizeLow=0xc4da)) returned 1 [0093.973] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\okumvv-ww9xg3 x7.wav")) returned 0x20 [0093.973] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav", dwFileAttributes=0x20) returned 1 [0093.973] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\okumvv-ww9xg3 x7.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0093.973] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0x129d3e88 | out: lpMode=0x129d3e88) returned 0 [0094.000] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0094.024] GetFileType (hFile=0x1ac) returned 0x1 [0094.024] GetFileType (hFile=0x1ac) returned 0x1 [0094.024] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.024] ReadFile (in: hFile=0x1ac, lpBuffer=0x12900698, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d3d14, lpOverlapped=0x0 | out: lpBuffer=0x12900698*, lpNumberOfBytesRead=0x129d3d14*=0x4, lpOverlapped=0x0) returned 1 [0094.024] SystemFunction036 (in: RandomBuffer=0x12931108, RandomBufferLength=0x10 | out: RandomBuffer=0x12931108) returned 1 [0094.024] SystemFunction036 (in: RandomBuffer=0x12931118, RandomBufferLength=0x10 | out: RandomBuffer=0x12931118) returned 1 [0094.024] VirtualAlloc (lpAddress=0x12aa2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12aa2000 [0094.024] GetFileType (hFile=0x1ac) returned 0x1 [0094.024] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.024] ReadFile (in: hFile=0x1ac, lpBuffer=0x12aa2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d3e80, lpOverlapped=0x0 | out: lpBuffer=0x12aa2000*, lpNumberOfBytesRead=0x129d3e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.025] VirtualAlloc (lpAddress=0x12aa6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12aa6000 [0094.025] GetFileType (hFile=0x1ac) returned 0x1 [0094.025] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.025] WriteFile (in: hFile=0x1ac, lpBuffer=0x12aa6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129d3e78, lpOverlapped=0x0 | out: lpBuffer=0x12aa6000*, lpNumberOfBytesWritten=0x129d3e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.026] GetFileType (hFile=0x1ac) returned 0x1 [0094.026] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.026] ReadFile (in: hFile=0x1ac, lpBuffer=0x12aa2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d3e80, lpOverlapped=0x0 | out: lpBuffer=0x12aa2000*, lpNumberOfBytesRead=0x129d3e80*=0x4da, lpOverlapped=0x0) returned 1 [0094.026] VirtualAlloc (lpAddress=0x12aaa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12aaa000 [0094.026] GetFileType (hFile=0x1ac) returned 0x1 [0094.026] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.026] WriteFile (in: hFile=0x1ac, lpBuffer=0x12aaa000*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x129d3e78, lpOverlapped=0x0 | out: lpBuffer=0x12aaa000*, lpNumberOfBytesWritten=0x129d3e78*=0x4e0, lpOverlapped=0x0) returned 1 [0094.026] GetFileType (hFile=0x1ac) returned 0x1 [0094.026] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.026] SystemFunction036 (in: RandomBuffer=0x12950f01, RandomBufferLength=0x40 | out: RandomBuffer=0x12950f01) returned 1 [0094.027] WriteFile (in: hFile=0x1ac, lpBuffer=0x129006f4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d3d88, lpOverlapped=0x0 | out: lpBuffer=0x129006f4*, lpNumberOfBytesWritten=0x129d3d88*=0x4, lpOverlapped=0x0) returned 1 [0094.027] WriteFile (in: hFile=0x1ac, lpBuffer=0x12951000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d3d88, lpOverlapped=0x0 | out: lpBuffer=0x12951000*, lpNumberOfBytesWritten=0x129d3d88*=0x100, lpOverlapped=0x0) returned 1 [0094.027] CloseHandle (hObject=0x1ac) returned 1 [0094.085] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0094.111] VirtualAlloc (lpAddress=0x12b0c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b0c000 [0094.111] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\okumvv-ww9xg3 x7.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\okumvv-ww9xg3 x7.wav.crypted"), dwFlags=0x1) returned 1 [0094.768] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\OKumVv-WW9xG3 X7.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\okumvv-ww9xg3 x7.wav")) returned 0xffffffff [0094.794] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0094.815] SetEvent (hEvent=0xfc) returned 1 [0094.815] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0094.857] SetEvent (hEvent=0x16c) returned 1 [0094.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\ei7wngl9jviw5iu.pps"), fInfoLevelId=0x0, lpFileInformation=0x129cfc44 | out: lpFileInformation=0x129cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c378d80, ftCreationTime.dwHighDateTime=0x1d6fea4, ftLastAccessTime.dwLowDateTime=0xe19a0350, ftLastAccessTime.dwHighDateTime=0x1d70282, ftLastWriteTime.dwLowDateTime=0xe19a0350, ftLastWriteTime.dwHighDateTime=0x1d70282, nFileSizeHigh=0x0, nFileSizeLow=0x177f)) returned 1 [0094.857] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\ei7wngl9jviw5iu.pps")) returned 0x20 [0094.857] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps", dwFileAttributes=0x20) returned 1 [0094.857] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\ei7wngl9jviw5iu.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0094.857] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0x129cfe88 | out: lpMode=0x129cfe88) returned 0 [0094.857] GetFileType (hFile=0x204) returned 0x1 [0094.858] GetFileType (hFile=0x204) returned 0x1 [0094.858] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.858] ReadFile (in: hFile=0x204, lpBuffer=0x1298e440, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129cfd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e440*, lpNumberOfBytesRead=0x129cfd14*=0x4, lpOverlapped=0x0) returned 1 [0094.858] SystemFunction036 (in: RandomBuffer=0x129a3338, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3338) returned 1 [0094.858] SystemFunction036 (in: RandomBuffer=0x129a3348, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3348) returned 1 [0094.858] VirtualAlloc (lpAddress=0x12b8e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b8e000 [0094.858] GetFileType (hFile=0x204) returned 0x1 [0094.858] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0094.858] ReadFile (in: hFile=0x204, lpBuffer=0x12b8e000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129cfe80, lpOverlapped=0x0 | out: lpBuffer=0x12b8e000*, lpNumberOfBytesRead=0x129cfe80*=0x177f, lpOverlapped=0x0) returned 1 [0094.859] VirtualAlloc (lpAddress=0x12b92000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b92000 [0094.859] GetFileType (hFile=0x204) returned 0x1 [0094.859] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0094.859] WriteFile (in: hFile=0x204, lpBuffer=0x12b92000*, nNumberOfBytesToWrite=0x1780, lpNumberOfBytesWritten=0x129cfe78, lpOverlapped=0x0 | out: lpBuffer=0x12b92000*, lpNumberOfBytesWritten=0x129cfe78*=0x1780, lpOverlapped=0x0) returned 1 [0094.859] GetFileType (hFile=0x204) returned 0x1 [0094.859] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0094.859] SystemFunction036 (in: RandomBuffer=0x129b9b01, RandomBufferLength=0x40 | out: RandomBuffer=0x129b9b01) returned 1 [0094.859] VirtualAlloc (lpAddress=0x12b98000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b98000 [0094.860] WriteFile (in: hFile=0x204, lpBuffer=0x1298e49c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e49c*, lpNumberOfBytesWritten=0x129cfd88*=0x4, lpOverlapped=0x0) returned 1 [0094.860] WriteFile (in: hFile=0x204, lpBuffer=0x129b9c00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x129b9c00*, lpNumberOfBytesWritten=0x129cfd88*=0x100, lpOverlapped=0x0) returned 1 [0094.860] CloseHandle (hObject=0x204) returned 1 [0095.123] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) returned 0x0 [0095.175] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\ei7wngl9jviw5iu.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\ei7wngl9jviw5iu.pps.crypted"), dwFlags=0x1) returned 1 [0097.113] SetEvent (hEvent=0x2cc) returned 1 [0097.113] WaitForSingleObject (hHandle=0x118, dwMilliseconds=0xffffffff) Thread: id = 10 os_tid = 0x10b0 [0092.725] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x328fff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x328fff28*=0x140) returned 1 [0092.725] VirtualQuery (in: lpAddress=0x328fff38, lpBuffer=0x328fff38, dwLength=0x1c | out: lpBuffer=0x328fff38*(BaseAddress=0x328ff000, AllocationBase=0x32800000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0092.725] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x144 [0092.725] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x148 [0092.725] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0092.834] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0092.903] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12880480, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x14c [0092.904] CloseHandle (hObject=0x14c) returned 1 [0092.904] GetFileAttributesExW (in: lpFileName="C:\\BOOTNXT" (normalized: "c:\\bootnxt"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xe5533ee0, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x78b27f82, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1)) returned 1 [0092.904] GetProcAddress (hModule=0x765d0000, lpProcName="GetFileAttributesW") returned 0x765f6a50 [0092.904] GetFileAttributesW (lpFileName="C:\\BOOTNXT" (normalized: "c:\\bootnxt")) returned 0x26 [0092.904] GetProcAddress (hModule=0x765d0000, lpProcName="SetFileAttributesW") returned 0x765f6c20 [0092.904] SetFileAttributesW (lpFileName="C:\\BOOTNXT", dwFileAttributes=0x26) returned 1 [0092.905] CreateFileW (lpFileName="C:\\BOOTNXT" (normalized: "c:\\bootnxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0092.905] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0x12833e88 | out: lpMode=0x12833e88) returned 0 [0092.905] GetFileType (hFile=0x14c) returned 0x1 [0092.905] VirtualAlloc (lpAddress=0x128d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128d6000 [0092.905] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x74910000 [0092.906] GetProcAddress (hModule=0x74910000, lpProcName="SystemFunction036") returned 0x74402a60 [0092.906] SystemFunction036 (in: RandomBuffer=0x128cc078, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc078) returned 1 [0092.906] SystemFunction036 (in: RandomBuffer=0x128cc088, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc088) returned 1 [0092.906] VirtualAlloc (lpAddress=0x128d8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x128d8000 [0092.906] GetFileType (hFile=0x14c) returned 0x1 [0092.906] GetProcAddress (hModule=0x765d0000, lpProcName="SetFilePointerEx") returned 0x765f6c50 [0092.906] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0092.906] GetProcAddress (hModule=0x765d0000, lpProcName="ReadFile") returned 0x765f6bb0 [0092.906] ReadFile (in: hFile=0x14c, lpBuffer=0x128d8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12833e80, lpOverlapped=0x0 | out: lpBuffer=0x128d8000*, lpNumberOfBytesRead=0x12833e80*=0x1, lpOverlapped=0x0) returned 1 [0092.907] GetFileType (hFile=0x14c) returned 0x1 [0092.907] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0092.907] WriteFile (in: hFile=0x14c, lpBuffer=0x1288ab90*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x12833e78, lpOverlapped=0x0 | out: lpBuffer=0x1288ab90*, lpNumberOfBytesWritten=0x12833e78*=0x10, lpOverlapped=0x0) returned 1 [0092.908] VirtualAlloc (lpAddress=0x128dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128dc000 [0092.908] GetFileType (hFile=0x14c) returned 0x1 [0092.908] SetFilePointerEx (in: hFile=0x14c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0092.908] VirtualAlloc (lpAddress=0x128de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128de000 [0092.908] SystemFunction036 (in: RandomBuffer=0x128de001, RandomBufferLength=0x40 | out: RandomBuffer=0x128de001) returned 1 [0092.909] VirtualAlloc (lpAddress=0x128e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128e0000 [0092.909] VirtualAlloc (lpAddress=0x128e2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x128e2000 [0092.909] VirtualAlloc (lpAddress=0x128e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128e6000 [0092.910] WriteFile (in: hFile=0x14c, lpBuffer=0x1288abfc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x1288abfc*, lpNumberOfBytesWritten=0x12833d88*=0x4, lpOverlapped=0x0) returned 1 [0092.910] WriteFile (in: hFile=0x14c, lpBuffer=0x128de100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x128de100*, lpNumberOfBytesWritten=0x12833d88*=0x100, lpOverlapped=0x0) returned 1 [0092.910] CloseHandle (hObject=0x14c) returned 1 [0092.911] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x800) returned 0x765d0000 [0092.911] GetProcAddress (hModule=0x765d0000, lpProcName="MoveFileExW") returned 0x765eb2b0 [0092.911] MoveFileExW (lpExistingFileName="C:\\BOOTNXT" (normalized: "c:\\bootnxt"), lpNewFileName="C:\\BOOTNXT.crypted" (normalized: "c:\\bootnxt.crypted"), dwFlags=0x1) returned 1 [0092.912] GetFileAttributesW (lpFileName="C:\\BOOTNXT" (normalized: "c:\\bootnxt")) returned 0xffffffff [0092.912] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.079] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.089] SetEvent (hEvent=0x10c) returned 1 [0093.089] VirtualAlloc (lpAddress=0x1285c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1285c000 [0093.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Application Data" (normalized: "c:\\users\\default\\application data"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d54d8a8, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d54d8a8, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d54d8a8, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.090] CreateFileW (lpFileName="C:\\Users\\Default\\Application Data" (normalized: "c:\\users\\default\\application data"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.123] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12837bd0 | out: lpFileInformation=0x12837bd0) returned 1 [0093.123] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12837bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12837bc8) returned 1 [0093.123] CloseHandle (hObject=0x13c) returned 1 [0093.123] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.133] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures" (normalized: "c:\\users\\default\\documents\\my pictures"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.133] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Pictures" (normalized: "c:\\users\\default\\documents\\my pictures"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.144] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12913bd0 | out: lpFileInformation=0x12913bd0) returned 1 [0093.144] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12913bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12913bc8) returned 1 [0093.144] CloseHandle (hObject=0x13c) returned 1 [0093.144] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\My Documents" (normalized: "c:\\users\\default\\my documents"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.169] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents" (normalized: "c:\\users\\default\\my documents"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.169] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12913bd0 | out: lpFileInformation=0x12913bd0) returned 1 [0093.169] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12913bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12913bc8) returned 1 [0093.169] CloseHandle (hObject=0x13c) returned 1 [0093.169] GetFileAttributesW (lpFileName="C:\\Users\\Default\\My Documents" (normalized: "c:\\users\\default\\my documents")) returned 0x2416 [0093.169] SetFileAttributesW (lpFileName="C:\\Users\\Default\\My Documents", dwFileAttributes=0x2416) returned 1 [0093.169] CreateFileW (lpFileName="C:\\Users\\Default\\My Documents" (normalized: "c:\\users\\default\\my documents"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0093.169] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x12913b9c | out: lpFindFileData=0x12913b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0093.169] GetFileAttributesW (lpFileName="C:\\Users\\Default\\My Documents" (normalized: "c:\\users\\default\\my documents")) returned 0x2416 [0093.170] SetFileAttributesW (lpFileName="C:\\Users\\Default\\My Documents", dwFileAttributes=0x2417) returned 1 [0093.170] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.200] SetEvent (hEvent=0x150) returned 1 [0093.200] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\PrintHood" (normalized: "c:\\users\\default\\printhood"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.200] CreateFileW (lpFileName="C:\\Users\\Default\\PrintHood" (normalized: "c:\\users\\default\\printhood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.202] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12913bd0 | out: lpFileInformation=0x12913bd0) returned 1 [0093.202] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12913bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12913bc8) returned 1 [0093.202] CloseHandle (hObject=0x13c) returned 1 [0093.202] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default User" (normalized: "c:\\users\\default user"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.236] CreateFileW (lpFileName="C:\\Users\\Default User" (normalized: "c:\\users\\default user"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.236] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12913bd0 | out: lpFileInformation=0x12913bd0) returned 1 [0093.236] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12913bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12913bc8) returned 1 [0093.236] CloseHandle (hObject=0x13c) returned 1 [0093.237] GetFileAttributesW (lpFileName="C:\\Users\\Default User" (normalized: "c:\\users\\default user")) returned 0x2416 [0093.237] SetFileAttributesW (lpFileName="C:\\Users\\Default User", dwFileAttributes=0x2416) returned 1 [0093.237] CreateFileW (lpFileName="C:\\Users\\Default User" (normalized: "c:\\users\\default user"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0093.237] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x12913b9c | out: lpFindFileData=0x12913b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0093.237] GetFileAttributesW (lpFileName="C:\\Users\\Default User" (normalized: "c:\\users\\default user")) returned 0x2416 [0093.237] SetFileAttributesW (lpFileName="C:\\Users\\Default User", dwFileAttributes=0x2417) returned 1 [0093.237] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.360] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.372] SetEvent (hEvent=0x10c) returned 1 [0093.372] VirtualAlloc (lpAddress=0x1285e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x1285e000 [0093.372] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos" (normalized: "c:\\users\\public\\documents\\my videos"), fInfoLevelId=0x0, lpFileInformation=0x12863c44 | out: lpFileInformation=0x12863c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d5bfea2, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d5bfea2, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d5bfea2, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.372] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Videos" (normalized: "c:\\users\\public\\documents\\my videos"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x15c [0093.373] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12863bd0 | out: lpFileInformation=0x12863bd0) returned 1 [0093.373] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12863bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12863bc8) returned 1 [0093.373] CloseHandle (hObject=0x15c) returned 1 [0093.373] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.603] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0093.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\66bvrgnc-jk.wav"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53e9fe40, ftCreationTime.dwHighDateTime=0x1d6fc77, ftLastAccessTime.dwLowDateTime=0x57cd0760, ftLastAccessTime.dwHighDateTime=0x1d70905, ftLastWriteTime.dwLowDateTime=0x57cd0760, ftLastWriteTime.dwHighDateTime=0x1d70905, nFileSizeHigh=0x0, nFileSizeLow=0x1581c)) returned 1 [0093.609] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\66bvrgnc-jk.wav")) returned 0x20 [0093.609] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav", dwFileAttributes=0x20) returned 1 [0093.609] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\66bvrgnc-jk.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0093.610] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0x12833e88 | out: lpMode=0x12833e88) returned 0 [0093.610] GetFileType (hFile=0x164) returned 0x1 [0093.610] GetFileType (hFile=0x164) returned 0x1 [0093.610] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.610] ReadFile (in: hFile=0x164, lpBuffer=0x1288b1b4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12833d14, lpOverlapped=0x0 | out: lpBuffer=0x1288b1b4*, lpNumberOfBytesRead=0x12833d14*=0x4, lpOverlapped=0x0) returned 1 [0093.610] SystemFunction036 (in: RandomBuffer=0x128cc898, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc898) returned 1 [0093.610] SystemFunction036 (in: RandomBuffer=0x128cc8a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc8a8) returned 1 [0093.610] VirtualAlloc (lpAddress=0x128ec000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x128ec000 [0093.610] GetFileType (hFile=0x164) returned 0x1 [0093.610] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0093.611] ReadFile (in: hFile=0x164, lpBuffer=0x128ec000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12833e80, lpOverlapped=0x0 | out: lpBuffer=0x128ec000*, lpNumberOfBytesRead=0x12833e80*=0x4000, lpOverlapped=0x0) returned 1 [0093.611] VirtualAlloc (lpAddress=0x128f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x128f0000 [0093.612] GetFileType (hFile=0x164) returned 0x1 [0093.612] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0093.612] WriteFile (in: hFile=0x164, lpBuffer=0x128f0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12833e78, lpOverlapped=0x0 | out: lpBuffer=0x128f0000*, lpNumberOfBytesWritten=0x12833e78*=0x4000, lpOverlapped=0x0) returned 1 [0093.612] GetFileType (hFile=0x164) returned 0x1 [0093.612] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0093.612] SystemFunction036 (in: RandomBuffer=0x128de301, RandomBufferLength=0x40 | out: RandomBuffer=0x128de301) returned 1 [0093.612] WriteFile (in: hFile=0x164, lpBuffer=0x1288b210*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x1288b210*, lpNumberOfBytesWritten=0x12833d88*=0x4, lpOverlapped=0x0) returned 1 [0093.612] WriteFile (in: hFile=0x164, lpBuffer=0x128de400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x128de400*, lpNumberOfBytesWritten=0x12833d88*=0x100, lpOverlapped=0x0) returned 1 [0093.613] CloseHandle (hObject=0x164) returned 1 [0093.624] VirtualAlloc (lpAddress=0x128f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128f4000 [0093.624] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\66bvrgnc-jk.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\66bvrgnc-jk.wav.crypted"), dwFlags=0x1) returned 1 [0094.445] SetEvent (hEvent=0x13c) returned 1 [0094.445] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\66BvrGNc-jk.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\66bvrgnc-jk.wav")) returned 0xffffffff [0094.448] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0094.478] SetEvent (hEvent=0x26c) returned 1 [0094.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\dsgla4p6xu.flv"), fInfoLevelId=0x0, lpFileInformation=0x12b31c44 | out: lpFileInformation=0x12b31c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b74d40, ftCreationTime.dwHighDateTime=0x1d70369, ftLastAccessTime.dwLowDateTime=0x51cf3230, ftLastAccessTime.dwHighDateTime=0x1d70607, ftLastWriteTime.dwLowDateTime=0x51cf3230, ftLastWriteTime.dwHighDateTime=0x1d70607, nFileSizeHigh=0x0, nFileSizeLow=0x18f23)) returned 1 [0094.479] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\dsgla4p6xu.flv")) returned 0x20 [0094.479] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv", dwFileAttributes=0x20) returned 1 [0094.479] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\dsgla4p6xu.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0094.479] GetConsoleMode (in: hConsoleHandle=0x188, lpMode=0x12b31e88 | out: lpMode=0x12b31e88) returned 0 [0094.479] GetFileType (hFile=0x188) returned 0x1 [0094.479] GetFileType (hFile=0x188) returned 0x1 [0094.479] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b31e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.480] ReadFile (in: hFile=0x188, lpBuffer=0x1288b4c0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b31d14, lpOverlapped=0x0 | out: lpBuffer=0x1288b4c0*, lpNumberOfBytesRead=0x12b31d14*=0x4, lpOverlapped=0x0) returned 1 [0094.480] SystemFunction036 (in: RandomBuffer=0x128cd518, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd518) returned 1 [0094.480] SystemFunction036 (in: RandomBuffer=0x128cd528, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd528) returned 1 [0094.480] VirtualAlloc (lpAddress=0x12b3a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b3a000 [0094.480] GetFileType (hFile=0x188) returned 0x1 [0094.480] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b31e9c | out: lpNewFilePointer=0x0) returned 1 [0094.480] ReadFile (in: hFile=0x188, lpBuffer=0x12b3a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b31e80, lpOverlapped=0x0 | out: lpBuffer=0x12b3a000*, lpNumberOfBytesRead=0x12b31e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.481] VirtualAlloc (lpAddress=0x12b3e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b3e000 [0094.481] GetFileType (hFile=0x188) returned 0x1 [0094.481] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b31e9c | out: lpNewFilePointer=0x0) returned 1 [0094.481] WriteFile (in: hFile=0x188, lpBuffer=0x12b3e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b31e78, lpOverlapped=0x0 | out: lpBuffer=0x12b3e000*, lpNumberOfBytesWritten=0x12b31e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.481] GetFileType (hFile=0x188) returned 0x1 [0094.482] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b31e9c | out: lpNewFilePointer=0x0) returned 1 [0094.482] SystemFunction036 (in: RandomBuffer=0x128dfc01, RandomBufferLength=0x40 | out: RandomBuffer=0x128dfc01) returned 1 [0094.482] VirtualAlloc (lpAddress=0x12b42000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b42000 [0094.483] WriteFile (in: hFile=0x188, lpBuffer=0x1288b51c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b31d88, lpOverlapped=0x0 | out: lpBuffer=0x1288b51c*, lpNumberOfBytesWritten=0x12b31d88*=0x4, lpOverlapped=0x0) returned 1 [0094.483] WriteFile (in: hFile=0x188, lpBuffer=0x128dfd00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b31d88, lpOverlapped=0x0 | out: lpBuffer=0x128dfd00*, lpNumberOfBytesWritten=0x12b31d88*=0x100, lpOverlapped=0x0) returned 1 [0094.483] CloseHandle (hObject=0x188) returned 1 [0094.488] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\dsgla4p6xu.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\dsgla4p6xu.flv.crypted"), dwFlags=0x1) returned 1 [0097.435] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\DSGla4p6Xu.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\dsgla4p6xu.flv")) returned 0xffffffff [0097.470] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0097.522] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) Thread: id = 11 os_tid = 0x10b4 [0092.973] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x32a3ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32a3ff28*=0x14c) returned 1 [0092.973] VirtualQuery (in: lpAddress=0x32a3ff38, lpBuffer=0x32a3ff38, dwLength=0x1c | out: lpBuffer=0x32a3ff38*(BaseAddress=0x32a3f000, AllocationBase=0x32940000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0092.973] SetEvent (hEvent=0x10c) returned 1 [0092.973] GetFileAttributesExW (in: lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.973] CreateFileW (lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x150 [0092.974] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0x12837bd0 | out: lpFileInformation=0x12837bd0) returned 1 [0092.974] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0x12837bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12837bc8) returned 1 [0092.974] CloseHandle (hObject=0x150) returned 1 [0092.974] GetFileAttributesW (lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings")) returned 0x2416 [0092.974] SetFileAttributesW (lpFileName="C:\\Documents and Settings", dwFileAttributes=0x2416) returned 1 [0092.974] CreateFileW (lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0092.974] VirtualAlloc (lpAddress=0x1285a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1285a000 [0092.975] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*", lpFindFileData=0x12837b9c | out: lpFindFileData=0x12837b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0092.975] GetFileAttributesW (lpFileName="C:\\Documents and Settings" (normalized: "c:\\documents and settings")) returned 0x2416 [0092.975] SetFileAttributesW (lpFileName="C:\\Documents and Settings", dwFileAttributes=0x2417) returned 1 [0092.975] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x150 [0092.975] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x154 [0092.975] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.077] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Cookies" (normalized: "c:\\users\\default\\cookies"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.103] CreateFileW (lpFileName="C:\\Users\\Default\\Cookies" (normalized: "c:\\users\\default\\cookies"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.125] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12917bd0 | out: lpFileInformation=0x12917bd0) returned 1 [0093.125] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12917bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12917bc8) returned 1 [0093.125] CloseHandle (hObject=0x13c) returned 1 [0093.125] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.129] SetEvent (hEvent=0x10c) returned 1 [0093.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music" (normalized: "c:\\users\\default\\documents\\my music"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.129] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Music" (normalized: "c:\\users\\default\\documents\\my music"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.140] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12917bd0 | out: lpFileInformation=0x12917bd0) returned 1 [0093.140] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12917bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12917bc8) returned 1 [0093.140] CloseHandle (hObject=0x13c) returned 1 [0093.140] VirtualAlloc (lpAddress=0x12932000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12932000 [0093.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos" (normalized: "c:\\users\\default\\documents\\my videos"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.141] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\My Videos" (normalized: "c:\\users\\default\\documents\\my videos"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.151] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12917bd0 | out: lpFileInformation=0x12917bd0) returned 1 [0093.151] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12917bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12917bc8) returned 1 [0093.151] CloseHandle (hObject=0x13c) returned 1 [0093.151] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.166] SetEvent (hEvent=0x10c) returned 1 [0093.166] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Local Settings" (normalized: "c:\\users\\default\\local settings"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.166] CreateFileW (lpFileName="C:\\Users\\Default\\Local Settings" (normalized: "c:\\users\\default\\local settings"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.166] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12917bd0 | out: lpFileInformation=0x12917bd0) returned 1 [0093.166] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12917bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12917bc8) returned 1 [0093.166] CloseHandle (hObject=0x13c) returned 1 [0093.166] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Local Settings" (normalized: "c:\\users\\default\\local settings")) returned 0x2416 [0093.166] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Local Settings", dwFileAttributes=0x2416) returned 1 [0093.167] CreateFileW (lpFileName="C:\\Users\\Default\\Local Settings" (normalized: "c:\\users\\default\\local settings"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0093.167] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x12917b9c | out: lpFindFileData=0x12917b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0093.167] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Local Settings" (normalized: "c:\\users\\default\\local settings")) returned 0x2416 [0093.167] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Local Settings", dwFileAttributes=0x2416) returned 1 [0093.167] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.213] SetEvent (hEvent=0x10c) returned 1 [0093.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Recent" (normalized: "c:\\users\\default\\recent"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.213] CreateFileW (lpFileName="C:\\Users\\Default\\Recent" (normalized: "c:\\users\\default\\recent"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.213] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12837bd0 | out: lpFileInformation=0x12837bd0) returned 1 [0093.213] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12837bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12837bc8) returned 1 [0093.213] CloseHandle (hObject=0x13c) returned 1 [0093.214] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.219] SetEvent (hEvent=0x10c) returned 1 [0093.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\Default\\Start Menu" (normalized: "c:\\users\\default\\start menu"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.219] CreateFileW (lpFileName="C:\\Users\\Default\\Start Menu" (normalized: "c:\\users\\default\\start menu"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x13c [0093.240] GetFileInformationByHandle (in: hFile=0x13c, lpFileInformation=0x12837bd0 | out: lpFileInformation=0x12837bd0) returned 1 [0093.241] GetFileInformationByHandleEx (in: hFile=0x13c, FileInformationClass=0x9, lpFileInformation=0x12837bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12837bc8) returned 1 [0093.241] CloseHandle (hObject=0x13c) returned 1 [0093.241] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures" (normalized: "c:\\users\\public\\documents\\my pictures"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.359] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\My Pictures" (normalized: "c:\\users\\public\\documents\\my pictures"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x15c [0093.360] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12917bd0 | out: lpFileInformation=0x12917bd0) returned 1 [0093.360] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12917bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12917bc8) returned 1 [0093.360] CloseHandle (hObject=0x15c) returned 1 [0093.360] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.397] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.481] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.530] SetEvent (hEvent=0x10c) returned 1 [0093.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.531] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x15c [0093.531] GetFileInformationByHandle (in: hFile=0x15c, lpFileInformation=0x12833bd0 | out: lpFileInformation=0x12833bd0) returned 1 [0093.531] GetFileInformationByHandleEx (in: hFile=0x15c, FileInformationClass=0x9, lpFileInformation=0x12833bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12833bc8) returned 1 [0093.531] CloseHandle (hObject=0x15c) returned 1 [0093.531] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies")) returned 0x2416 [0093.531] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies", dwFileAttributes=0x2416) returned 1 [0093.531] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0093.531] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies\\*", lpFindFileData=0x12833b9c | out: lpFindFileData=0x12833b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0093.531] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies")) returned 0x2416 [0093.531] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies", dwFileAttributes=0x2416) returned 1 [0093.532] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0093.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1mnobybkamxa.png"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a9c26b0, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0xd5a311c0, ftLastAccessTime.dwHighDateTime=0x1d70a59, ftLastWriteTime.dwLowDateTime=0xd5a311c0, ftLastWriteTime.dwHighDateTime=0x1d70a59, nFileSizeHigh=0x0, nFileSizeLow=0xce4)) returned 1 [0093.595] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1mnobybkamxa.png")) returned 0x20 [0093.595] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png", dwFileAttributes=0x20) returned 1 [0093.596] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1mnobybkamxa.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0093.596] GetConsoleMode (in: hConsoleHandle=0x15c, lpMode=0x12917e88 | out: lpMode=0x12917e88) returned 0 [0093.596] GetFileType (hFile=0x15c) returned 0x1 [0093.596] VirtualAlloc (lpAddress=0x0, dwSize=0xafc7c, flAllocationType=0x3000, flProtect=0x4) returned 0x32a40000 [0093.596] GetFileType (hFile=0x15c) returned 0x1 [0093.596] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.597] ReadFile (in: hFile=0x15c, lpBuffer=0x129004f4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12917d14, lpOverlapped=0x0 | out: lpBuffer=0x129004f4*, lpNumberOfBytesRead=0x12917d14*=0x4, lpOverlapped=0x0) returned 1 [0093.597] SystemFunction036 (in: RandomBuffer=0x12930c08, RandomBufferLength=0x10 | out: RandomBuffer=0x12930c08) returned 1 [0093.597] SystemFunction036 (in: RandomBuffer=0x12930c18, RandomBufferLength=0x10 | out: RandomBuffer=0x12930c18) returned 1 [0093.597] VirtualAlloc (lpAddress=0x12964000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12964000 [0093.597] GetFileType (hFile=0x15c) returned 0x1 [0093.597] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0093.597] ReadFile (in: hFile=0x15c, lpBuffer=0x12964000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12917e80, lpOverlapped=0x0 | out: lpBuffer=0x12964000*, lpNumberOfBytesRead=0x12917e80*=0xce4, lpOverlapped=0x0) returned 1 [0093.597] VirtualAlloc (lpAddress=0x12968000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x12968000 [0093.598] GetFileType (hFile=0x15c) returned 0x1 [0093.598] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0093.598] WriteFile (in: hFile=0x15c, lpBuffer=0x12968000*, nNumberOfBytesToWrite=0xcf0, lpNumberOfBytesWritten=0x12917e78, lpOverlapped=0x0 | out: lpBuffer=0x12968000*, lpNumberOfBytesWritten=0x12917e78*=0xcf0, lpOverlapped=0x0) returned 1 [0093.601] GetFileType (hFile=0x15c) returned 0x1 [0093.601] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0093.601] SystemFunction036 (in: RandomBuffer=0x12950301, RandomBufferLength=0x40 | out: RandomBuffer=0x12950301) returned 1 [0093.601] WriteFile (in: hFile=0x15c, lpBuffer=0x12900550*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x12900550*, lpNumberOfBytesWritten=0x12917d88*=0x4, lpOverlapped=0x0) returned 1 [0093.601] WriteFile (in: hFile=0x15c, lpBuffer=0x12950400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x12950400*, lpNumberOfBytesWritten=0x12917d88*=0x100, lpOverlapped=0x0) returned 1 [0093.601] CloseHandle (hObject=0x15c) returned 1 [0093.608] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1mnobybkamxa.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1mnobybkamxa.png.crypted"), dwFlags=0x1) returned 1 [0094.402] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\1mnoByBkAMXa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\1mnobybkamxa.png")) returned 0xffffffff [0094.417] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) returned 0x0 [0094.542] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282f680, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x164 [0094.543] CloseHandle (hObject=0x164) returned 1 [0094.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ysbqkdoojrdh.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12a53c44 | out: lpFileInformation=0x12a53c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aa6d810, ftCreationTime.dwHighDateTime=0x1d7057f, ftLastAccessTime.dwLowDateTime=0x39ce8c10, ftLastAccessTime.dwHighDateTime=0x1d705eb, ftLastWriteTime.dwLowDateTime=0x39ce8c10, ftLastWriteTime.dwHighDateTime=0x1d705eb, nFileSizeHigh=0x0, nFileSizeLow=0x72ad)) returned 1 [0094.543] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ysbqkdoojrdh.m4a")) returned 0x20 [0094.543] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a", dwFileAttributes=0x20) returned 1 [0094.544] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ysbqkdoojrdh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0094.544] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0x12a53e88 | out: lpMode=0x12a53e88) returned 0 [0094.544] GetFileType (hFile=0x164) returned 0x1 [0094.544] GetFileType (hFile=0x164) returned 0x1 [0094.544] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a53e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.544] ReadFile (in: hFile=0x164, lpBuffer=0x128105a0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a53d14, lpOverlapped=0x0 | out: lpBuffer=0x128105a0*, lpNumberOfBytesRead=0x12a53d14*=0x4, lpOverlapped=0x0) returned 1 [0094.544] SystemFunction036 (in: RandomBuffer=0x12816f28, RandomBufferLength=0x10 | out: RandomBuffer=0x12816f28) returned 1 [0094.544] SystemFunction036 (in: RandomBuffer=0x12816f38, RandomBufferLength=0x10 | out: RandomBuffer=0x12816f38) returned 1 [0094.544] VirtualAlloc (lpAddress=0x12a62000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a62000 [0094.545] GetFileType (hFile=0x164) returned 0x1 [0094.545] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a53e9c | out: lpNewFilePointer=0x0) returned 1 [0094.545] ReadFile (in: hFile=0x164, lpBuffer=0x12a62000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a53e80, lpOverlapped=0x0 | out: lpBuffer=0x12a62000*, lpNumberOfBytesRead=0x12a53e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.545] VirtualAlloc (lpAddress=0x12a66000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a66000 [0094.545] GetFileType (hFile=0x164) returned 0x1 [0094.545] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a53e9c | out: lpNewFilePointer=0x0) returned 1 [0094.545] WriteFile (in: hFile=0x164, lpBuffer=0x12a66000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a53e78, lpOverlapped=0x0 | out: lpBuffer=0x12a66000*, lpNumberOfBytesWritten=0x12a53e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.546] GetFileType (hFile=0x164) returned 0x1 [0094.546] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a53e9c | out: lpNewFilePointer=0x0) returned 1 [0094.546] SystemFunction036 (in: RandomBuffer=0x1287f901, RandomBufferLength=0x40 | out: RandomBuffer=0x1287f901) returned 1 [0094.546] WriteFile (in: hFile=0x164, lpBuffer=0x128105fc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a53d88, lpOverlapped=0x0 | out: lpBuffer=0x128105fc*, lpNumberOfBytesWritten=0x12a53d88*=0x4, lpOverlapped=0x0) returned 1 [0094.546] WriteFile (in: hFile=0x164, lpBuffer=0x1287fa00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a53d88, lpOverlapped=0x0 | out: lpBuffer=0x1287fa00*, lpNumberOfBytesWritten=0x12a53d88*=0x100, lpOverlapped=0x0) returned 1 [0094.546] CloseHandle (hObject=0x164) returned 1 [0094.676] VirtualAlloc (lpAddress=0x12a7c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a7c000 [0094.676] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ysbqkdoojrdh.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ysbqkdoojrdh.m4a.crypted"), dwFlags=0x1) returned 1 [0097.518] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ySbQKDOOjrDH.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ysbqkdoojrdh.m4a")) returned 0xffffffff [0097.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NetHood" (normalized: "c:\\users\\rdhj0cnfevzx\\nethood"), fInfoLevelId=0x0, lpFileInformation=0x12a53c44 | out: lpFileInformation=0x12a53c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.518] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\NetHood" (normalized: "c:\\users\\rdhj0cnfevzx\\nethood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x2a8 [0097.518] GetFileInformationByHandle (in: hFile=0x2a8, lpFileInformation=0x12a53bd0 | out: lpFileInformation=0x12a53bd0) returned 1 [0097.518] GetFileInformationByHandleEx (in: hFile=0x2a8, FileInformationClass=0x9, lpFileInformation=0x12a53bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12a53bc8) returned 1 [0097.518] CloseHandle (hObject=0x2a8) returned 1 [0097.519] WaitForSingleObject (hHandle=0x150, dwMilliseconds=0xffffffff) Thread: id = 12 os_tid = 0x60c [0093.625] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x32c2ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32c2ff28*=0x168) returned 1 [0093.625] VirtualQuery (in: lpAddress=0x32c2ff38, lpBuffer=0x32c2ff38, dwLength=0x1c | out: lpBuffer=0x32c2ff38*(BaseAddress=0x32c2f000, AllocationBase=0x32b30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.625] SetEvent (hEvent=0xfc) returned 1 [0093.625] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x16c [0093.625] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x170 [0093.625] WaitForSingleObject (hHandle=0x16c, dwMilliseconds=0xffffffff) returned 0x0 [0093.665] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hdiumzsjvmze8c5r.png"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d9064f0, ftCreationTime.dwHighDateTime=0x1d6ff54, ftLastAccessTime.dwLowDateTime=0x247582e0, ftLastAccessTime.dwHighDateTime=0x1d70188, ftLastWriteTime.dwLowDateTime=0x247582e0, ftLastWriteTime.dwHighDateTime=0x1d70188, nFileSizeHigh=0x0, nFileSizeLow=0x23a2)) returned 1 [0093.666] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hdiumzsjvmze8c5r.png")) returned 0x20 [0093.666] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png", dwFileAttributes=0x20) returned 1 [0093.666] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hdiumzsjvmze8c5r.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0093.666] GetConsoleMode (in: hConsoleHandle=0x178, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0093.834] GetFileType (hFile=0x178) returned 0x1 [0093.834] GetFileType (hFile=0x178) returned 0x1 [0093.834] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.834] ReadFile (in: hFile=0x178, lpBuffer=0x1288b218, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x1288b218*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0093.834] SystemFunction036 (in: RandomBuffer=0x128cc9d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc9d8) returned 1 [0093.834] SystemFunction036 (in: RandomBuffer=0x128cc9e8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc9e8) returned 1 [0093.834] VirtualAlloc (lpAddress=0x128f6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x128f6000 [0093.835] GetFileType (hFile=0x178) returned 0x1 [0093.835] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0093.835] ReadFile (in: hFile=0x178, lpBuffer=0x128f6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x128f6000*, lpNumberOfBytesRead=0x12837e80*=0x23a2, lpOverlapped=0x0) returned 1 [0093.835] VirtualAlloc (lpAddress=0x12a80000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a80000 [0093.835] GetFileType (hFile=0x178) returned 0x1 [0093.838] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0093.838] WriteFile (in: hFile=0x178, lpBuffer=0x12a80000*, nNumberOfBytesToWrite=0x23b0, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x12a80000*, lpNumberOfBytesWritten=0x12837e78*=0x23b0, lpOverlapped=0x0) returned 1 [0093.838] GetFileType (hFile=0x178) returned 0x1 [0093.838] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0093.838] SystemFunction036 (in: RandomBuffer=0x128de601, RandomBufferLength=0x40 | out: RandomBuffer=0x128de601) returned 1 [0093.839] WriteFile (in: hFile=0x178, lpBuffer=0x1288b274*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x1288b274*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0093.839] WriteFile (in: hFile=0x178, lpBuffer=0x128de700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x128de700*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0093.839] CloseHandle (hObject=0x178) returned 1 [0093.973] WaitForSingleObject (hHandle=0x16c, dwMilliseconds=0xffffffff) returned 0x0 [0093.985] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hdiumzsjvmze8c5r.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hdiumzsjvmze8c5r.png.crypted"), dwFlags=0x1) returned 1 [0094.685] SetEvent (hEvent=0x13c) returned 1 [0094.685] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HDIuMzsJvMzE8c5R.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hdiumzsjvmze8c5r.png")) returned 0xffffffff [0094.740] WaitForSingleObject (hHandle=0x16c, dwMilliseconds=0xffffffff) returned 0x0 [0094.868] WaitForSingleObject (hHandle=0x16c, dwMilliseconds=0xffffffff) returned 0x0 [0094.889] SetEvent (hEvent=0x10c) returned 1 [0094.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\zqmis_lj7.flv"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7620cc70, ftCreationTime.dwHighDateTime=0x1d6ffdb, ftLastAccessTime.dwLowDateTime=0x6fa2d5b0, ftLastAccessTime.dwHighDateTime=0x1d7047b, ftLastWriteTime.dwLowDateTime=0x6fa2d5b0, ftLastWriteTime.dwHighDateTime=0x1d7047b, nFileSizeHigh=0x0, nFileSizeLow=0x382e)) returned 1 [0094.889] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\zqmis_lj7.flv")) returned 0x20 [0094.889] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv", dwFileAttributes=0x20) returned 1 [0094.889] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\zqmis_lj7.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0094.890] GetConsoleMode (in: hConsoleHandle=0x220, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0094.890] GetFileType (hFile=0x220) returned 0x1 [0094.890] GetFileType (hFile=0x220) returned 0x1 [0094.890] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.890] ReadFile (in: hFile=0x220, lpBuffer=0x128106cc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x128106cc*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0094.890] SystemFunction036 (in: RandomBuffer=0x128173d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128173d8) returned 1 [0094.890] SystemFunction036 (in: RandomBuffer=0x128173e8, RandomBufferLength=0x10 | out: RandomBuffer=0x128173e8) returned 1 [0094.890] VirtualAlloc (lpAddress=0x12c0c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c0c000 [0094.890] GetFileType (hFile=0x220) returned 0x1 [0094.890] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0094.890] ReadFile (in: hFile=0x220, lpBuffer=0x12c0c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x12c0c000*, lpNumberOfBytesRead=0x12837e80*=0x382e, lpOverlapped=0x0) returned 1 [0094.891] VirtualAlloc (lpAddress=0x12c10000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c10000 [0094.891] GetFileType (hFile=0x220) returned 0x1 [0094.891] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0094.891] WriteFile (in: hFile=0x220, lpBuffer=0x12c10000*, nNumberOfBytesToWrite=0x3830, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x12c10000*, lpNumberOfBytesWritten=0x12837e78*=0x3830, lpOverlapped=0x0) returned 1 [0094.892] GetFileType (hFile=0x220) returned 0x1 [0094.892] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0094.892] SystemFunction036 (in: RandomBuffer=0x12a7e201, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7e201) returned 1 [0094.892] VirtualAlloc (lpAddress=0x12c14000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c14000 [0094.892] VirtualAlloc (lpAddress=0x12c16000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c16000 [0094.893] WriteFile (in: hFile=0x220, lpBuffer=0x12810728*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12810728*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0094.893] WriteFile (in: hFile=0x220, lpBuffer=0x12a7e300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12a7e300*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0094.893] CloseHandle (hObject=0x220) returned 1 [0095.123] WaitForSingleObject (hHandle=0x16c, dwMilliseconds=0xffffffff) returned 0x0 [0095.193] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\zqmis_lj7.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\zqmis_lj7.flv.crypted"), dwFlags=0x1) returned 1 [0097.123] WaitForSingleObject (hHandle=0x16c, dwMilliseconds=0xffffffff) Thread: id = 13 os_tid = 0x530 [0093.697] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x32d6ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32d6ff28*=0x17c) returned 1 [0093.697] VirtualQuery (in: lpAddress=0x32d6ff38, lpBuffer=0x32d6ff38, dwLength=0x1c | out: lpBuffer=0x32d6ff38*(BaseAddress=0x32d6f000, AllocationBase=0x32c70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.697] SetEvent (hEvent=0xfc) returned 1 [0093.697] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x180 [0093.697] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x184 [0093.697] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xffffffff) returned 0x0 [0093.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxtgf.png"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f142b70, ftCreationTime.dwHighDateTime=0x1d704e3, ftLastAccessTime.dwLowDateTime=0xecd0f1e0, ftLastAccessTime.dwHighDateTime=0x1d70730, ftLastWriteTime.dwLowDateTime=0xecd0f1e0, ftLastWriteTime.dwHighDateTime=0x1d70730, nFileSizeHigh=0x0, nFileSizeLow=0x5449)) returned 1 [0093.864] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxtgf.png")) returned 0x20 [0093.864] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png", dwFileAttributes=0x20) returned 1 [0093.864] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxtgf.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0093.864] GetConsoleMode (in: hConsoleHandle=0x190, lpMode=0x12913e88 | out: lpMode=0x12913e88) returned 0 [0093.864] GetFileType (hFile=0x190) returned 0x1 [0093.864] GetFileType (hFile=0x190) returned 0x1 [0093.864] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.864] ReadFile (in: hFile=0x190, lpBuffer=0x1298e0ec, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12913d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e0ec*, lpNumberOfBytesRead=0x12913d14*=0x4, lpOverlapped=0x0) returned 1 [0093.864] SystemFunction036 (in: RandomBuffer=0x129a22f8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a22f8) returned 1 [0093.865] SystemFunction036 (in: RandomBuffer=0x129a2308, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2308) returned 1 [0093.865] VirtualAlloc (lpAddress=0x129ae000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ae000 [0093.865] VirtualAlloc (lpAddress=0x129b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129b2000 [0093.865] GetFileType (hFile=0x190) returned 0x1 [0093.865] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0093.865] ReadFile (in: hFile=0x190, lpBuffer=0x129ae000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12913e80, lpOverlapped=0x0 | out: lpBuffer=0x129ae000*, lpNumberOfBytesRead=0x12913e80*=0x4000, lpOverlapped=0x0) returned 1 [0093.865] VirtualAlloc (lpAddress=0x129b4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129b4000 [0093.866] GetFileType (hFile=0x190) returned 0x1 [0093.866] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0093.866] WriteFile (in: hFile=0x190, lpBuffer=0x129b4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12913e78, lpOverlapped=0x0 | out: lpBuffer=0x129b4000*, lpNumberOfBytesWritten=0x12913e78*=0x4000, lpOverlapped=0x0) returned 1 [0093.866] GetFileType (hFile=0x190) returned 0x1 [0093.866] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0093.866] VirtualAlloc (lpAddress=0x129b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129b8000 [0093.867] SystemFunction036 (in: RandomBuffer=0x129b8001, RandomBufferLength=0x40 | out: RandomBuffer=0x129b8001) returned 1 [0093.867] VirtualAlloc (lpAddress=0x129ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ba000 [0093.867] VirtualAlloc (lpAddress=0x129bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129bc000 [0093.867] VirtualAlloc (lpAddress=0x129be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129be000 [0093.871] VirtualAlloc (lpAddress=0x129c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129c0000 [0093.871] VirtualAlloc (lpAddress=0x129c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129c4000 [0093.872] WriteFile (in: hFile=0x190, lpBuffer=0x1298e148*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e148*, lpNumberOfBytesWritten=0x12913d88*=0x4, lpOverlapped=0x0) returned 1 [0093.872] WriteFile (in: hFile=0x190, lpBuffer=0x129b8100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x129b8100*, lpNumberOfBytesWritten=0x12913d88*=0x100, lpOverlapped=0x0) returned 1 [0093.872] CloseHandle (hObject=0x190) returned 1 [0093.975] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxtgf.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxtgf.png.crypted"), dwFlags=0x1) returned 1 [0094.678] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LxtgF.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxtgf.png")) returned 0xffffffff [0094.682] SetEvent (hEvent=0x13c) returned 1 [0094.682] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xffffffff) returned 0x0 [0094.985] SetEvent (hEvent=0x1b0) returned 1 [0094.985] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xffffffff) returned 0x0 [0094.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\npfe-2xahfj.swf"), fInfoLevelId=0x0, lpFileInformation=0x12a6bc44 | out: lpFileInformation=0x12a6bc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e4c5960, ftCreationTime.dwHighDateTime=0x1d6fa0d, ftLastAccessTime.dwLowDateTime=0x459ce5a0, ftLastAccessTime.dwHighDateTime=0x1d6fdd5, ftLastWriteTime.dwLowDateTime=0x459ce5a0, ftLastWriteTime.dwHighDateTime=0x1d6fdd5, nFileSizeHigh=0x0, nFileSizeLow=0xf057)) returned 1 [0094.996] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\npfe-2xahfj.swf")) returned 0x20 [0094.996] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf", dwFileAttributes=0x20) returned 1 [0094.996] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\npfe-2xahfj.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0094.997] GetConsoleMode (in: hConsoleHandle=0x220, lpMode=0x12a6be88 | out: lpMode=0x12a6be88) returned 0 [0094.997] GetFileType (hFile=0x220) returned 0x1 [0094.997] VirtualAlloc (lpAddress=0x12c20000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c20000 [0094.997] GetFileType (hFile=0x220) returned 0x1 [0094.997] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.997] ReadFile (in: hFile=0x220, lpBuffer=0x12810794, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6bd14, lpOverlapped=0x0 | out: lpBuffer=0x12810794*, lpNumberOfBytesRead=0x12a6bd14*=0x4, lpOverlapped=0x0) returned 1 [0094.997] SystemFunction036 (in: RandomBuffer=0x12817658, RandomBufferLength=0x10 | out: RandomBuffer=0x12817658) returned 1 [0094.997] SystemFunction036 (in: RandomBuffer=0x12817668, RandomBufferLength=0x10 | out: RandomBuffer=0x12817668) returned 1 [0094.997] VirtualAlloc (lpAddress=0x12c22000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c22000 [0094.998] GetFileType (hFile=0x220) returned 0x1 [0094.998] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0094.998] ReadFile (in: hFile=0x220, lpBuffer=0x12c22000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6be80, lpOverlapped=0x0 | out: lpBuffer=0x12c22000*, lpNumberOfBytesRead=0x12a6be80*=0x4000, lpOverlapped=0x0) returned 1 [0094.998] VirtualAlloc (lpAddress=0x12c26000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c26000 [0094.999] GetFileType (hFile=0x220) returned 0x1 [0094.999] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0094.999] WriteFile (in: hFile=0x220, lpBuffer=0x12c26000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6be78, lpOverlapped=0x0 | out: lpBuffer=0x12c26000*, lpNumberOfBytesWritten=0x12a6be78*=0x4000, lpOverlapped=0x0) returned 1 [0094.999] GetFileType (hFile=0x220) returned 0x1 [0094.999] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0094.999] ReadFile (in: hFile=0x220, lpBuffer=0x12c22000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6be80, lpOverlapped=0x0 | out: lpBuffer=0x12c22000*, lpNumberOfBytesRead=0x12a6be80*=0x4000, lpOverlapped=0x0) returned 1 [0094.999] VirtualAlloc (lpAddress=0x12c2a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c2a000 [0095.000] GetFileType (hFile=0x220) returned 0x1 [0095.000] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0095.000] WriteFile (in: hFile=0x220, lpBuffer=0x12c2a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6be78, lpOverlapped=0x0 | out: lpBuffer=0x12c2a000*, lpNumberOfBytesWritten=0x12a6be78*=0x4000, lpOverlapped=0x0) returned 1 [0095.000] GetFileType (hFile=0x220) returned 0x1 [0095.000] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0095.000] SystemFunction036 (in: RandomBuffer=0x12a7e801, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7e801) returned 1 [0095.000] WriteFile (in: hFile=0x220, lpBuffer=0x128107f0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6bd88, lpOverlapped=0x0 | out: lpBuffer=0x128107f0*, lpNumberOfBytesWritten=0x12a6bd88*=0x4, lpOverlapped=0x0) returned 1 [0095.001] WriteFile (in: hFile=0x220, lpBuffer=0x12a7e900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6bd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7e900*, lpNumberOfBytesWritten=0x12a6bd88*=0x100, lpOverlapped=0x0) returned 1 [0095.001] CloseHandle (hObject=0x220) returned 1 [0095.035] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\npfe-2xahfj.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\npfe-2xahfj.swf.crypted"), dwFlags=0x1) returned 1 [0096.670] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\npFe-2XahFj.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\npfe-2xahfj.swf")) returned 0xffffffff [0096.770] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xffffffff) returned 0x0 [0096.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\4tbto3wsrq.wav"), fInfoLevelId=0x0, lpFileInformation=0x12a6bc44 | out: lpFileInformation=0x12a6bc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd241700, ftCreationTime.dwHighDateTime=0x1d70205, ftLastAccessTime.dwLowDateTime=0xbf150930, ftLastAccessTime.dwHighDateTime=0x1d708a2, ftLastWriteTime.dwLowDateTime=0xbf150930, ftLastWriteTime.dwHighDateTime=0x1d708a2, nFileSizeHigh=0x0, nFileSizeLow=0x101bd)) returned 1 [0096.792] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\4tbto3wsrq.wav")) returned 0x20 [0096.792] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav", dwFileAttributes=0x20) returned 1 [0096.792] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\4tbto3wsrq.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0096.793] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0x12a6be88 | out: lpMode=0x12a6be88) returned 0 [0096.793] GetFileType (hFile=0x23c) returned 0x1 [0096.793] GetFileType (hFile=0x23c) returned 0x1 [0096.793] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.793] ReadFile (in: hFile=0x23c, lpBuffer=0x1298e79c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6bd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e79c*, lpNumberOfBytesRead=0x12a6bd14*=0x4, lpOverlapped=0x0) returned 1 [0096.793] SystemFunction036 (in: RandomBuffer=0x12be5ce8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5ce8) returned 1 [0096.793] SystemFunction036 (in: RandomBuffer=0x12be5cf8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5cf8) returned 1 [0096.793] GetFileType (hFile=0x23c) returned 0x1 [0096.793] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.793] ReadFile (in: hFile=0x23c, lpBuffer=0x129f2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6be80, lpOverlapped=0x0 | out: lpBuffer=0x129f2000*, lpNumberOfBytesRead=0x12a6be80*=0x4000, lpOverlapped=0x0) returned 1 [0096.794] GetFileType (hFile=0x23c) returned 0x1 [0096.794] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.794] WriteFile (in: hFile=0x23c, lpBuffer=0x129f6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6be78, lpOverlapped=0x0 | out: lpBuffer=0x129f6000*, lpNumberOfBytesWritten=0x12a6be78*=0x4000, lpOverlapped=0x0) returned 1 [0096.794] GetFileType (hFile=0x23c) returned 0x1 [0096.794] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.794] SystemFunction036 (in: RandomBuffer=0x12ced701, RandomBufferLength=0x40 | out: RandomBuffer=0x12ced701) returned 1 [0096.794] WriteFile (in: hFile=0x23c, lpBuffer=0x1298e7f8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6bd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e7f8*, lpNumberOfBytesWritten=0x12a6bd88*=0x4, lpOverlapped=0x0) returned 1 [0096.794] WriteFile (in: hFile=0x23c, lpBuffer=0x12ced800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6bd88, lpOverlapped=0x0 | out: lpBuffer=0x12ced800*, lpNumberOfBytesWritten=0x12a6bd88*=0x100, lpOverlapped=0x0) returned 1 [0096.794] CloseHandle (hObject=0x23c) returned 1 [0096.799] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\4tbto3wsrq.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\4tbto3wsrq.wav.crypted"), dwFlags=0x1) returned 1 [0096.800] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\4tbto3wsrq.wav")) returned 0xffffffff [0096.800] VirtualFree (lpAddress=0x12c42000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.801] WaitForSingleObject (hHandle=0x180, dwMilliseconds=0xffffffff) Thread: id = 14 os_tid = 0x1048 [0093.630] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x32eaff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32eaff28*=0x174) returned 1 [0093.630] VirtualQuery (in: lpAddress=0x32eaff38, lpBuffer=0x32eaff38, dwLength=0x1c | out: lpBuffer=0x32eaff38*(BaseAddress=0x32eaf000, AllocationBase=0x32db0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cm6l_yapjvsae.swf"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf57950, ftCreationTime.dwHighDateTime=0x1d70a7e, ftLastAccessTime.dwLowDateTime=0xadc8e420, ftLastAccessTime.dwHighDateTime=0x1d70a7e, ftLastWriteTime.dwLowDateTime=0xadc8e420, ftLastWriteTime.dwHighDateTime=0x1d70a7e, nFileSizeHigh=0x0, nFileSizeLow=0xf5a3)) returned 1 [0093.630] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cm6l_yapjvsae.swf")) returned 0x20 [0093.630] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf", dwFileAttributes=0x20) returned 1 [0093.630] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cm6l_yapjvsae.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x178 [0093.630] GetConsoleMode (in: hConsoleHandle=0x178, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0093.630] GetFileType (hFile=0x178) returned 0x1 [0093.630] GetFileType (hFile=0x178) returned 0x1 [0093.631] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.631] ReadFile (in: hFile=0x178, lpBuffer=0x12900558, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900558*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0093.631] SystemFunction036 (in: RandomBuffer=0x12930d48, RandomBufferLength=0x10 | out: RandomBuffer=0x12930d48) returned 1 [0093.631] SystemFunction036 (in: RandomBuffer=0x12930d58, RandomBufferLength=0x10 | out: RandomBuffer=0x12930d58) returned 1 [0093.631] VirtualAlloc (lpAddress=0x12972000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12972000 [0093.631] GetFileType (hFile=0x178) returned 0x1 [0093.631] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0093.632] ReadFile (in: hFile=0x178, lpBuffer=0x12972000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12972000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0093.632] VirtualAlloc (lpAddress=0x12976000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12976000 [0093.632] GetFileType (hFile=0x178) returned 0x1 [0093.632] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0093.632] WriteFile (in: hFile=0x178, lpBuffer=0x12976000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12976000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0093.633] GetFileType (hFile=0x178) returned 0x1 [0093.633] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0093.633] SystemFunction036 (in: RandomBuffer=0x12950601, RandomBufferLength=0x40 | out: RandomBuffer=0x12950601) returned 1 [0093.633] WriteFile (in: hFile=0x178, lpBuffer=0x129005b4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x129005b4*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0093.633] WriteFile (in: hFile=0x178, lpBuffer=0x12950700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12950700*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0093.633] CloseHandle (hObject=0x178) returned 1 [0093.812] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cm6l_yapjvsae.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cm6l_yapjvsae.swf.crypted"), dwFlags=0x1) returned 1 [0094.522] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cm6l_YapJvSAE.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cm6l_yapjvsae.swf")) returned 0xffffffff [0094.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\gsbpzvgu21z-unb.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c8dcf20, ftCreationTime.dwHighDateTime=0x1d6fd16, ftLastAccessTime.dwLowDateTime=0x6f7d9b90, ftLastAccessTime.dwHighDateTime=0x1d6fe06, ftLastWriteTime.dwLowDateTime=0x6f7d9b90, ftLastWriteTime.dwHighDateTime=0x1d6fe06, nFileSizeHigh=0x0, nFileSizeLow=0x111fd)) returned 1 [0094.561] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\gsbpzvgu21z-unb.mkv")) returned 0x20 [0094.561] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv", dwFileAttributes=0x20) returned 1 [0094.562] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\gsbpzvgu21z-unb.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0094.562] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0094.562] GetFileType (hFile=0x164) returned 0x1 [0094.562] GetFileType (hFile=0x164) returned 0x1 [0094.562] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.562] ReadFile (in: hFile=0x164, lpBuffer=0x129008a0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x129008a0*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0094.562] SystemFunction036 (in: RandomBuffer=0x12931748, RandomBufferLength=0x10 | out: RandomBuffer=0x12931748) returned 1 [0094.562] SystemFunction036 (in: RandomBuffer=0x12931758, RandomBufferLength=0x10 | out: RandomBuffer=0x12931758) returned 1 [0094.562] VirtualAlloc (lpAddress=0x12ade000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ade000 [0094.563] GetFileType (hFile=0x164) returned 0x1 [0094.563] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0094.563] ReadFile (in: hFile=0x164, lpBuffer=0x12ade000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12ade000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.563] VirtualAlloc (lpAddress=0x12ae2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ae2000 [0094.564] GetFileType (hFile=0x164) returned 0x1 [0094.564] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0094.564] WriteFile (in: hFile=0x164, lpBuffer=0x12ae2000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12ae2000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.564] GetFileType (hFile=0x164) returned 0x1 [0094.564] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0094.567] SystemFunction036 (in: RandomBuffer=0x12ad8601, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad8601) returned 1 [0094.567] VirtualAlloc (lpAddress=0x12ae6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ae6000 [0094.568] WriteFile (in: hFile=0x164, lpBuffer=0x129008fc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x129008fc*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0094.568] WriteFile (in: hFile=0x164, lpBuffer=0x12ad8700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12ad8700*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0094.568] CloseHandle (hObject=0x164) returned 1 [0094.580] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\gsbpzvgu21z-unb.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\gsbpzvgu21z-unb.mkv.crypted"), dwFlags=0x1) returned 1 [0097.589] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\gSBPZvGU21Z-uNb.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\gsbpzvgu21z-unb.mkv")) returned 0xffffffff [0097.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\39onyqqd1_0dcrwhish.gif"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42420300, ftCreationTime.dwHighDateTime=0x1d6fda2, ftLastAccessTime.dwLowDateTime=0x409dd3e0, ftLastAccessTime.dwHighDateTime=0x1d7095e, ftLastWriteTime.dwLowDateTime=0x409dd3e0, ftLastWriteTime.dwHighDateTime=0x1d7095e, nFileSizeHigh=0x0, nFileSizeLow=0x175e1)) returned 1 [0097.589] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\39onyqqd1_0dcrwhish.gif")) returned 0x20 [0097.589] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif", dwFileAttributes=0x20) returned 1 [0097.590] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\39onyqqd1_0dcrwhish.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1a4 [0097.590] GetConsoleMode (in: hConsoleHandle=0x1a4, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0097.590] GetFileType (hFile=0x1a4) returned 0x1 [0097.590] GetFileType (hFile=0x1a4) returned 0x1 [0097.590] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.590] ReadFile (in: hFile=0x1a4, lpBuffer=0x129003f4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x129003f4*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0097.590] SystemFunction036 (in: RandomBuffer=0x12817298, RandomBufferLength=0x10 | out: RandomBuffer=0x12817298) returned 1 [0097.590] SystemFunction036 (in: RandomBuffer=0x128172a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128172a8) returned 1 [0097.590] GetFileType (hFile=0x1a4) returned 0x1 [0097.590] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.590] ReadFile (in: hFile=0x1a4, lpBuffer=0x12996000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12996000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.591] GetFileType (hFile=0x1a4) returned 0x1 [0097.591] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.591] WriteFile (in: hFile=0x1a4, lpBuffer=0x129ae000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x129ae000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.591] GetFileType (hFile=0x1a4) returned 0x1 [0097.591] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.591] SystemFunction036 (in: RandomBuffer=0x12a47101, RandomBufferLength=0x40 | out: RandomBuffer=0x12a47101) returned 1 [0097.591] WriteFile (in: hFile=0x1a4, lpBuffer=0x12900450*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12900450*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0097.592] WriteFile (in: hFile=0x1a4, lpBuffer=0x12a47200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12a47200*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0097.592] CloseHandle (hObject=0x1a4) returned 1 [0097.594] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\39onyqqd1_0dcrwhish.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\39onyqqd1_0dcrwhish.gif.crypted"), dwFlags=0x1) returned 1 [0097.595] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\39onyqqd1_0dcrwhish.gif")) returned 0xffffffff [0097.595] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1a4 [0097.595] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x188 [0097.595] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0097.652] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x28, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0097.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\nmfjzjl8.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28557420, ftCreationTime.dwHighDateTime=0x1d6fdc2, ftLastAccessTime.dwLowDateTime=0x4273a600, ftLastAccessTime.dwHighDateTime=0x1d705d4, ftLastWriteTime.dwLowDateTime=0x4273a600, ftLastWriteTime.dwHighDateTime=0x1d705d4, nFileSizeHigh=0x0, nFileSizeLow=0x4042)) returned 1 [0097.740] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\nmfjzjl8.jpg")) returned 0x20 [0097.740] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg", dwFileAttributes=0x20) returned 1 [0097.741] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\nmfjzjl8.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.741] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0097.741] GetFileType (hFile=0x274) returned 0x1 [0097.741] GetFileType (hFile=0x274) returned 0x1 [0097.741] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.741] ReadFile (in: hFile=0x274, lpBuffer=0x12900528, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900528*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0097.741] SystemFunction036 (in: RandomBuffer=0x12817658, RandomBufferLength=0x10 | out: RandomBuffer=0x12817658) returned 1 [0097.741] SystemFunction036 (in: RandomBuffer=0x12817668, RandomBufferLength=0x10 | out: RandomBuffer=0x12817668) returned 1 [0097.741] GetFileType (hFile=0x274) returned 0x1 [0097.741] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.741] ReadFile (in: hFile=0x274, lpBuffer=0x12a12000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12a12000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.742] GetFileType (hFile=0x274) returned 0x1 [0097.742] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.742] WriteFile (in: hFile=0x274, lpBuffer=0x12a16000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12a16000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.742] GetFileType (hFile=0x274) returned 0x1 [0097.742] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.742] SystemFunction036 (in: RandomBuffer=0x12a47b01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a47b01) returned 1 [0097.743] WriteFile (in: hFile=0x274, lpBuffer=0x12900584*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12900584*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0097.743] WriteFile (in: hFile=0x274, lpBuffer=0x12a47c00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12a47c00*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0097.743] CloseHandle (hObject=0x274) returned 1 [0097.744] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\nmfjzjl8.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\nmfjzjl8.jpg.crypted"), dwFlags=0x1) returned 1 [0097.747] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\nmfjzjl8.jpg")) returned 0xffffffff [0097.747] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x1f, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0097.818] SetEvent (hEvent=0x260) returned 1 [0097.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vqj8upe prp5xy_.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ac07bb0, ftCreationTime.dwHighDateTime=0x1d70832, ftLastAccessTime.dwLowDateTime=0x96527460, ftLastAccessTime.dwHighDateTime=0x1d708e8, ftLastWriteTime.dwLowDateTime=0x96527460, ftLastWriteTime.dwHighDateTime=0x1d708e8, nFileSizeHigh=0x0, nFileSizeLow=0xf6dd)) returned 1 [0097.818] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vqj8upe prp5xy_.bmp")) returned 0x20 [0097.818] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp", dwFileAttributes=0x20) returned 1 [0097.819] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vqj8upe prp5xy_.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.819] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0097.819] GetFileType (hFile=0x274) returned 0x1 [0097.819] GetFileType (hFile=0x274) returned 0x1 [0097.819] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.819] ReadFile (in: hFile=0x274, lpBuffer=0x12810484, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810484*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0097.819] SystemFunction036 (in: RandomBuffer=0x129a3298, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3298) returned 1 [0097.819] SystemFunction036 (in: RandomBuffer=0x129a32a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a32a8) returned 1 [0097.819] GetFileType (hFile=0x274) returned 0x1 [0097.819] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.819] ReadFile (in: hFile=0x274, lpBuffer=0x129ba000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x129ba000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.820] GetFileType (hFile=0x274) returned 0x1 [0097.820] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.820] WriteFile (in: hFile=0x274, lpBuffer=0x129c0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x129c0000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.820] GetFileType (hFile=0x274) returned 0x1 [0097.820] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.820] SystemFunction036 (in: RandomBuffer=0x1299a201, RandomBufferLength=0x40 | out: RandomBuffer=0x1299a201) returned 1 [0097.820] WriteFile (in: hFile=0x274, lpBuffer=0x128104e0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x128104e0*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0097.821] WriteFile (in: hFile=0x274, lpBuffer=0x1299a300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299a300*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0097.821] CloseHandle (hObject=0x274) returned 1 [0097.823] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vqj8upe prp5xy_.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vqj8upe prp5xy_.bmp.crypted"), dwFlags=0x1) returned 1 [0097.824] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vqj8upe prp5xy_.bmp")) returned 0xffffffff [0097.824] VirtualFree (lpAddress=0x12dec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.824] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa24, ulCount=0x10, ulNumEntriesRemoved=0x32eafa0c, dwMilliseconds=0x24, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa24, ulNumEntriesRemoved=0x32eafa0c) returned 0 [0097.885] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0097.970] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0098.111] VirtualFree (lpAddress=0x12de4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\mh9xwyd.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65c51520, ftCreationTime.dwHighDateTime=0x1d6fcc5, ftLastAccessTime.dwLowDateTime=0xb021f5a0, ftLastAccessTime.dwHighDateTime=0x1d70186, ftLastWriteTime.dwLowDateTime=0xb021f5a0, ftLastWriteTime.dwHighDateTime=0x1d70186, nFileSizeHigh=0x0, nFileSizeLow=0x3d4c)) returned 1 [0098.111] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\mh9xwyd.bmp")) returned 0x20 [0098.111] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp", dwFileAttributes=0x20) returned 1 [0098.111] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\mh9xwyd.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0098.112] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0098.112] GetFileType (hFile=0x274) returned 0x1 [0098.112] GetFileType (hFile=0x274) returned 0x1 [0098.112] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0098.112] ReadFile (in: hFile=0x274, lpBuffer=0x1288a3b4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a3b4*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0098.112] SystemFunction036 (in: RandomBuffer=0x12930b68, RandomBufferLength=0x10 | out: RandomBuffer=0x12930b68) returned 1 [0098.112] SystemFunction036 (in: RandomBuffer=0x12930b78, RandomBufferLength=0x10 | out: RandomBuffer=0x12930b78) returned 1 [0098.112] GetFileType (hFile=0x274) returned 0x1 [0098.112] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.112] ReadFile (in: hFile=0x274, lpBuffer=0x12aa0000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12aa0000*, lpNumberOfBytesRead=0x12a51e80*=0x3d4c, lpOverlapped=0x0) returned 1 [0098.112] GetFileType (hFile=0x274) returned 0x1 [0098.112] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.112] WriteFile (in: hFile=0x274, lpBuffer=0x12aa4000*, nNumberOfBytesToWrite=0x3d50, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12aa4000*, lpNumberOfBytesWritten=0x12a51e78*=0x3d50, lpOverlapped=0x0) returned 1 [0098.113] GetFileType (hFile=0x274) returned 0x1 [0098.113] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.113] SystemFunction036 (in: RandomBuffer=0x12bc7901, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc7901) returned 1 [0098.113] WriteFile (in: hFile=0x274, lpBuffer=0x1288a410*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a410*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0098.113] WriteFile (in: hFile=0x274, lpBuffer=0x12bc7a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12bc7a00*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0098.113] CloseHandle (hObject=0x274) returned 1 [0098.115] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\mh9xwyd.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\mh9xwyd.bmp.crypted"), dwFlags=0x1) returned 1 [0098.115] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\mh9xwyd.bmp")) returned 0xffffffff [0098.116] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0098.245] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0098.326] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0098.335] SetEvent (hEvent=0x278) returned 1 [0098.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\qhoj-z3pedps.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3216a680, ftCreationTime.dwHighDateTime=0x1d6fd29, ftLastAccessTime.dwLowDateTime=0x60769500, ftLastAccessTime.dwHighDateTime=0x1d6fdf4, ftLastWriteTime.dwLowDateTime=0x60769500, ftLastWriteTime.dwHighDateTime=0x1d6fdf4, nFileSizeHigh=0x0, nFileSizeLow=0xbaf0)) returned 1 [0098.335] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\qhoj-z3pedps.jpg")) returned 0x20 [0098.335] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg", dwFileAttributes=0x20) returned 1 [0098.336] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\qhoj-z3pedps.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0098.336] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0098.336] GetFileType (hFile=0x274) returned 0x1 [0098.336] GetFileType (hFile=0x274) returned 0x1 [0098.336] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0098.336] ReadFile (in: hFile=0x274, lpBuffer=0x1298e3c4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e3c4*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0098.336] SystemFunction036 (in: RandomBuffer=0x128ccf28, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccf28) returned 1 [0098.336] SystemFunction036 (in: RandomBuffer=0x128ccf38, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccf38) returned 1 [0098.336] GetFileType (hFile=0x274) returned 0x1 [0098.337] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0098.337] ReadFile (in: hFile=0x274, lpBuffer=0x1294c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x1294c000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0098.337] GetFileType (hFile=0x274) returned 0x1 [0098.337] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0098.337] WriteFile (in: hFile=0x274, lpBuffer=0x12950000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12950000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0098.337] GetFileType (hFile=0x274) returned 0x1 [0098.337] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0098.337] SystemFunction036 (in: RandomBuffer=0x1294a201, RandomBufferLength=0x40 | out: RandomBuffer=0x1294a201) returned 1 [0098.338] WriteFile (in: hFile=0x274, lpBuffer=0x1298e420*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e420*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0098.338] WriteFile (in: hFile=0x274, lpBuffer=0x1294a300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294a300*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0098.338] CloseHandle (hObject=0x274) returned 1 [0098.340] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\qhoj-z3pedps.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\qhoj-z3pedps.jpg.crypted"), dwFlags=0x1) returned 1 [0098.340] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\qhoj-z3pedps.jpg")) returned 0xffffffff [0098.340] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0099.026] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0099.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent" (normalized: "c:\\users\\rdhj0cnfevzx\\recent"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.061] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent" (normalized: "c:\\users\\rdhj0cnfevzx\\recent"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x274 [0099.061] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12b11bd0 | out: lpFileInformation=0x12b11bd0) returned 1 [0099.061] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12b11bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12b11bc8) returned 1 [0099.061] CloseHandle (hObject=0x274) returned 1 [0099.061] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent" (normalized: "c:\\users\\rdhj0cnfevzx\\recent")) returned 0x2416 [0099.062] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent", dwFileAttributes=0x2416) returned 1 [0099.065] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent" (normalized: "c:\\users\\rdhj0cnfevzx\\recent"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.065] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent\\*", lpFindFileData=0x12b11b9c | out: lpFindFileData=0x12b11b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0099.065] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent" (normalized: "c:\\users\\rdhj0cnfevzx\\recent")) returned 0x2416 [0099.065] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent", dwFileAttributes=0x2417) returned 1 [0099.065] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x37, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.146] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x274 [0099.146] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12a51bd0 | out: lpFileInformation=0x12a51bd0) returned 1 [0099.146] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12a51bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12a51bc8) returned 1 [0099.146] CloseHandle (hObject=0x274) returned 1 [0099.146] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto")) returned 0x2416 [0099.146] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo", dwFileAttributes=0x2416) returned 1 [0099.147] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0099.147] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo\\*", lpFindFileData=0x12a51b9c | out: lpFindFileData=0x12a51b9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0099.147] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto")) returned 0x2416 [0099.147] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo", dwFileAttributes=0x2417) returned 1 [0099.147] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x31, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.266] VirtualFree (lpAddress=0x12dd4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Templates" (normalized: "c:\\users\\rdhj0cnfevzx\\templates"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.267] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Templates" (normalized: "c:\\users\\rdhj0cnfevzx\\templates"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x274 [0099.267] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12915bd0 | out: lpFileInformation=0x12915bd0) returned 1 [0099.267] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12915bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12915bc8) returned 1 [0099.268] CloseHandle (hObject=0x274) returned 1 [0099.268] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\27auy ao90492vie.flv"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85174ba0, ftCreationTime.dwHighDateTime=0x1d70819, ftLastAccessTime.dwLowDateTime=0x52b74110, ftLastAccessTime.dwHighDateTime=0x1d708a0, ftLastWriteTime.dwLowDateTime=0x52b74110, ftLastWriteTime.dwHighDateTime=0x1d708a0, nFileSizeHigh=0x0, nFileSizeLow=0x49a5)) returned 1 [0099.289] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\27auy ao90492vie.flv")) returned 0x20 [0099.289] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv", dwFileAttributes=0x20) returned 1 [0099.289] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\27auy ao90492vie.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.290] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.290] GetFileType (hFile=0x274) returned 0x1 [0099.290] GetFileType (hFile=0x274) returned 0x1 [0099.290] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.290] ReadFile (in: hFile=0x274, lpBuffer=0x12810638, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810638*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.290] SystemFunction036 (in: RandomBuffer=0x129a3798, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3798) returned 1 [0099.290] SystemFunction036 (in: RandomBuffer=0x129a37a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a37a8) returned 1 [0099.290] GetFileType (hFile=0x274) returned 0x1 [0099.290] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.290] ReadFile (in: hFile=0x274, lpBuffer=0x129f0000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x129f0000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.291] GetFileType (hFile=0x274) returned 0x1 [0099.291] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.291] WriteFile (in: hFile=0x274, lpBuffer=0x129f4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x129f4000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.291] GetFileType (hFile=0x274) returned 0x1 [0099.291] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.291] SystemFunction036 (in: RandomBuffer=0x1299af01, RandomBufferLength=0x40 | out: RandomBuffer=0x1299af01) returned 1 [0099.292] WriteFile (in: hFile=0x274, lpBuffer=0x12810694*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810694*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.292] WriteFile (in: hFile=0x274, lpBuffer=0x1299b000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299b000*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.292] CloseHandle (hObject=0x274) returned 1 [0099.293] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\27auy ao90492vie.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\27auy ao90492vie.flv.crypted"), dwFlags=0x1) returned 1 [0099.294] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\27auy ao90492vie.flv")) returned 0xffffffff [0099.294] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x1e, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.347] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\95qiu6v2taby9rke-7b.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d6ac6c0, ftCreationTime.dwHighDateTime=0x1d6fabb, ftLastAccessTime.dwLowDateTime=0x228901a0, ftLastAccessTime.dwHighDateTime=0x1d6fd55, ftLastWriteTime.dwLowDateTime=0x228901a0, ftLastWriteTime.dwHighDateTime=0x1d6fd55, nFileSizeHigh=0x0, nFileSizeLow=0x25e4)) returned 1 [0099.347] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\95qiu6v2taby9rke-7b.mkv")) returned 0x20 [0099.347] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv", dwFileAttributes=0x20) returned 1 [0099.347] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\95qiu6v2taby9rke-7b.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.347] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.348] GetFileType (hFile=0x274) returned 0x1 [0099.348] GetFileType (hFile=0x274) returned 0x1 [0099.348] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.348] ReadFile (in: hFile=0x274, lpBuffer=0x1298e560, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e560*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.348] SystemFunction036 (in: RandomBuffer=0x128cd928, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd928) returned 1 [0099.348] SystemFunction036 (in: RandomBuffer=0x128cd938, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd938) returned 1 [0099.348] GetFileType (hFile=0x274) returned 0x1 [0099.348] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.348] ReadFile (in: hFile=0x274, lpBuffer=0x12b86000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b86000*, lpNumberOfBytesRead=0x12915e80*=0x25e4, lpOverlapped=0x0) returned 1 [0099.348] GetFileType (hFile=0x274) returned 0x1 [0099.348] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.348] WriteFile (in: hFile=0x274, lpBuffer=0x12b8a000*, nNumberOfBytesToWrite=0x25f0, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12b8a000*, lpNumberOfBytesWritten=0x12915e78*=0x25f0, lpOverlapped=0x0) returned 1 [0099.349] GetFileType (hFile=0x274) returned 0x1 [0099.349] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.349] SystemFunction036 (in: RandomBuffer=0x1294af01, RandomBufferLength=0x40 | out: RandomBuffer=0x1294af01) returned 1 [0099.349] WriteFile (in: hFile=0x274, lpBuffer=0x1298e5bc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e5bc*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.349] WriteFile (in: hFile=0x274, lpBuffer=0x1294b000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294b000*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.349] CloseHandle (hObject=0x274) returned 1 [0099.351] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\95qiu6v2taby9rke-7b.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\95qiu6v2taby9rke-7b.mkv.crypted"), dwFlags=0x1) returned 1 [0099.354] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\95qiu6v2taby9rke-7b.mkv")) returned 0xffffffff [0099.354] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x20, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\n3ag.avi"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe323160, ftCreationTime.dwHighDateTime=0x1d70680, ftLastAccessTime.dwLowDateTime=0x2c8c9d00, ftLastAccessTime.dwHighDateTime=0x1d70869, ftLastWriteTime.dwLowDateTime=0x2c8c9d00, ftLastWriteTime.dwHighDateTime=0x1d70869, nFileSizeHigh=0x0, nFileSizeLow=0xad89)) returned 1 [0099.407] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\n3ag.avi")) returned 0x20 [0099.407] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi", dwFileAttributes=0x20) returned 1 [0099.408] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\n3ag.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.408] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.408] GetFileType (hFile=0x274) returned 0x1 [0099.408] GetFileType (hFile=0x274) returned 0x1 [0099.408] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.408] ReadFile (in: hFile=0x274, lpBuffer=0x12810710, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810710*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.408] SystemFunction036 (in: RandomBuffer=0x129a3c48, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3c48) returned 1 [0099.408] SystemFunction036 (in: RandomBuffer=0x129a3c58, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3c58) returned 1 [0099.408] GetFileType (hFile=0x274) returned 0x1 [0099.408] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.408] ReadFile (in: hFile=0x274, lpBuffer=0x12c00000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12c00000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.409] GetFileType (hFile=0x274) returned 0x1 [0099.409] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.409] WriteFile (in: hFile=0x274, lpBuffer=0x12c04000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12c04000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.409] GetFileType (hFile=0x274) returned 0x1 [0099.409] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.409] SystemFunction036 (in: RandomBuffer=0x1299b501, RandomBufferLength=0x40 | out: RandomBuffer=0x1299b501) returned 1 [0099.410] WriteFile (in: hFile=0x274, lpBuffer=0x1281076c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1281076c*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.410] WriteFile (in: hFile=0x274, lpBuffer=0x1299b600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299b600*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.410] CloseHandle (hObject=0x274) returned 1 [0099.412] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\n3ag.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\n3ag.avi.crypted"), dwFlags=0x1) returned 1 [0099.413] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\n3ag.avi")) returned 0xffffffff [0099.413] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x24, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\zdafxohlo1srg.avi"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506f72e0, ftCreationTime.dwHighDateTime=0x1d6ffab, ftLastAccessTime.dwLowDateTime=0xe4cf7cc0, ftLastAccessTime.dwHighDateTime=0x1d703eb, ftLastWriteTime.dwLowDateTime=0xe4cf7cc0, ftLastWriteTime.dwHighDateTime=0x1d703eb, nFileSizeHigh=0x0, nFileSizeLow=0x5299)) returned 1 [0099.488] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\zdafxohlo1srg.avi")) returned 0x20 [0099.489] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi", dwFileAttributes=0x20) returned 1 [0099.489] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\zdafxohlo1srg.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.489] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0099.489] GetFileType (hFile=0x274) returned 0x1 [0099.489] GetFileType (hFile=0x274) returned 0x1 [0099.489] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.489] ReadFile (in: hFile=0x274, lpBuffer=0x1288a668, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a668*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0099.489] SystemFunction036 (in: RandomBuffer=0x129316a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129316a8) returned 1 [0099.489] SystemFunction036 (in: RandomBuffer=0x129316b8, RandomBufferLength=0x10 | out: RandomBuffer=0x129316b8) returned 1 [0099.489] GetFileType (hFile=0x274) returned 0x1 [0099.489] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.489] ReadFile (in: hFile=0x274, lpBuffer=0x12b18000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12b18000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.490] GetFileType (hFile=0x274) returned 0x1 [0099.490] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.490] WriteFile (in: hFile=0x274, lpBuffer=0x12b20000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12b20000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.490] GetFileType (hFile=0x274) returned 0x1 [0099.490] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.490] SystemFunction036 (in: RandomBuffer=0x12ac2c01, RandomBufferLength=0x40 | out: RandomBuffer=0x12ac2c01) returned 1 [0099.490] WriteFile (in: hFile=0x274, lpBuffer=0x1288a6c4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a6c4*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0099.491] WriteFile (in: hFile=0x274, lpBuffer=0x12ac2d00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12ac2d00*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0099.491] CloseHandle (hObject=0x274) returned 1 [0099.492] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\zdafxohlo1srg.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\zdafxohlo1srg.avi.crypted"), dwFlags=0x1) returned 1 [0099.493] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\zdafxohlo1srg.avi")) returned 0xffffffff [0099.493] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x22, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.558] VirtualFree (lpAddress=0x12dc8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\e8rxabno.swf"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd4f2a30, ftCreationTime.dwHighDateTime=0x1d701d3, ftLastAccessTime.dwLowDateTime=0xb6e07a00, ftLastAccessTime.dwHighDateTime=0x1d701d7, ftLastWriteTime.dwLowDateTime=0xb6e07a00, ftLastWriteTime.dwHighDateTime=0x1d701d7, nFileSizeHigh=0x0, nFileSizeLow=0xde8)) returned 1 [0099.558] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\e8rxabno.swf")) returned 0x20 [0099.558] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf", dwFileAttributes=0x20) returned 1 [0099.559] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\e8rxabno.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.559] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.559] GetFileType (hFile=0x274) returned 0x1 [0099.559] GetFileType (hFile=0x274) returned 0x1 [0099.559] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.559] ReadFile (in: hFile=0x274, lpBuffer=0x128107e8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x128107e8*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.559] SystemFunction036 (in: RandomBuffer=0x129fe2f8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe2f8) returned 1 [0099.559] SystemFunction036 (in: RandomBuffer=0x129fe308, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe308) returned 1 [0099.559] VirtualAlloc (lpAddress=0x12c8a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c8a000 [0099.560] GetFileType (hFile=0x274) returned 0x1 [0099.560] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.560] ReadFile (in: hFile=0x274, lpBuffer=0x12c8a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12c8a000*, lpNumberOfBytesRead=0x12b11e80*=0xde8, lpOverlapped=0x0) returned 1 [0099.560] VirtualAlloc (lpAddress=0x12c8e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c8e000 [0099.563] GetFileType (hFile=0x274) returned 0x1 [0099.564] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.564] WriteFile (in: hFile=0x274, lpBuffer=0x12c8e000*, nNumberOfBytesToWrite=0xdf0, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12c8e000*, lpNumberOfBytesWritten=0x12b11e78*=0xdf0, lpOverlapped=0x0) returned 1 [0099.564] GetFileType (hFile=0x274) returned 0x1 [0099.564] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.564] SystemFunction036 (in: RandomBuffer=0x1299bf01, RandomBufferLength=0x40 | out: RandomBuffer=0x1299bf01) returned 1 [0099.564] WriteFile (in: hFile=0x274, lpBuffer=0x12810844*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810844*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.564] WriteFile (in: hFile=0x274, lpBuffer=0x12c90000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12c90000*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.564] CloseHandle (hObject=0x274) returned 1 [0099.565] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\e8rxabno.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\e8rxabno.swf.crypted"), dwFlags=0x1) returned 1 [0099.566] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\e8rxabno.swf")) returned 0xffffffff [0099.566] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa04, ulCount=0x10, ulNumEntriesRemoved=0x32eaf9ec, dwMilliseconds=0x17, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa04, ulNumEntriesRemoved=0x32eaf9ec) returned 0 [0099.635] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0099.747] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0099.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\aizbr5zrkx8.swf"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f803550, ftCreationTime.dwHighDateTime=0x1d6fd09, ftLastAccessTime.dwLowDateTime=0x248c8d40, ftLastAccessTime.dwHighDateTime=0x1d7099f, ftLastWriteTime.dwLowDateTime=0x248c8d40, ftLastWriteTime.dwHighDateTime=0x1d7099f, nFileSizeHigh=0x0, nFileSizeLow=0x15172)) returned 1 [0099.797] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\aizbr5zrkx8.swf")) returned 0x20 [0099.797] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf", dwFileAttributes=0x20) returned 1 [0099.798] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\aizbr5zrkx8.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.798] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.798] GetFileType (hFile=0x274) returned 0x1 [0099.798] GetFileType (hFile=0x274) returned 0x1 [0099.798] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.798] ReadFile (in: hFile=0x274, lpBuffer=0x1298e708, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e708*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.798] SystemFunction036 (in: RandomBuffer=0x12be4348, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4348) returned 1 [0099.798] SystemFunction036 (in: RandomBuffer=0x12be4358, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4358) returned 1 [0099.798] GetFileType (hFile=0x274) returned 0x1 [0099.799] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.799] ReadFile (in: hFile=0x274, lpBuffer=0x12d0a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12d0a000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.799] GetFileType (hFile=0x274) returned 0x1 [0099.799] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.799] WriteFile (in: hFile=0x274, lpBuffer=0x12d10000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12d10000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.799] GetFileType (hFile=0x274) returned 0x1 [0099.799] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.799] SystemFunction036 (in: RandomBuffer=0x1294be01, RandomBufferLength=0x40 | out: RandomBuffer=0x1294be01) returned 1 [0099.800] WriteFile (in: hFile=0x274, lpBuffer=0x1298e7a4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e7a4*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.800] WriteFile (in: hFile=0x274, lpBuffer=0x1294bf00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294bf00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.800] CloseHandle (hObject=0x274) returned 1 [0099.803] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\aizbr5zrkx8.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\aizbr5zrkx8.swf.crypted"), dwFlags=0x1) returned 1 [0099.803] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\aizbr5zrkx8.swf")) returned 0xffffffff [0099.803] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0099.847] SetEvent (hEvent=0x26c) returned 1 [0099.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\uyzkx--dfh6uhpde 1_.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4212340, ftCreationTime.dwHighDateTime=0x1d70459, ftLastAccessTime.dwLowDateTime=0xb4325fb0, ftLastAccessTime.dwHighDateTime=0x1d708d7, ftLastWriteTime.dwLowDateTime=0xb4325fb0, ftLastWriteTime.dwHighDateTime=0x1d708d7, nFileSizeHigh=0x0, nFileSizeLow=0x1527)) returned 1 [0099.847] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\uyzkx--dfh6uhpde 1_.mp4")) returned 0x20 [0099.847] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4", dwFileAttributes=0x20) returned 1 [0099.847] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\uyzkx--dfh6uhpde 1_.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.847] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.847] GetFileType (hFile=0x274) returned 0x1 [0099.848] GetFileType (hFile=0x274) returned 0x1 [0099.848] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.848] ReadFile (in: hFile=0x274, lpBuffer=0x1298e7ac, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e7ac*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.848] SystemFunction036 (in: RandomBuffer=0x12be45c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be45c8) returned 1 [0099.848] SystemFunction036 (in: RandomBuffer=0x12be45d8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be45d8) returned 1 [0099.848] GetFileType (hFile=0x274) returned 0x1 [0099.848] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.848] ReadFile (in: hFile=0x274, lpBuffer=0x12d26000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12d26000*, lpNumberOfBytesRead=0x12915e80*=0x1527, lpOverlapped=0x0) returned 1 [0099.848] GetFileType (hFile=0x274) returned 0x1 [0099.848] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.848] WriteFile (in: hFile=0x274, lpBuffer=0x12d2a000*, nNumberOfBytesToWrite=0x1530, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12d2a000*, lpNumberOfBytesWritten=0x12915e78*=0x1530, lpOverlapped=0x0) returned 1 [0099.848] GetFileType (hFile=0x274) returned 0x1 [0099.849] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.849] SystemFunction036 (in: RandomBuffer=0x12d1c101, RandomBufferLength=0x40 | out: RandomBuffer=0x12d1c101) returned 1 [0099.849] WriteFile (in: hFile=0x274, lpBuffer=0x1298e808*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e808*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.849] WriteFile (in: hFile=0x274, lpBuffer=0x12d1c200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d1c200*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.849] CloseHandle (hObject=0x274) returned 1 [0099.850] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\uyzkx--dfh6uhpde 1_.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\uyzkx--dfh6uhpde 1_.mp4.crypted"), dwFlags=0x1) returned 1 [0099.851] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\uyzkx--dfh6uhpde 1_.mp4")) returned 0xffffffff [0099.851] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0099.871] SetEvent (hEvent=0x26c) returned 1 [0099.871] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0099.907] SetEvent (hEvent=0x26c) returned 1 [0099.908] SetEvent (hEvent=0x1d0) returned 1 [0099.908] VirtualFree (lpAddress=0x12dbe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.908] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa24, ulCount=0x10, ulNumEntriesRemoved=0x32eafa0c, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa24, ulNumEntriesRemoved=0x32eafa0c) returned 0 [0099.911] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x32eafa24, ulCount=0x10, ulNumEntriesRemoved=0x32eafa0c, dwMilliseconds=0x2f, fAlertable=0 | out: lpCompletionPortEntries=0x32eafa24, ulNumEntriesRemoved=0x32eafa0c) returned 0 [0099.974] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.052] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.134] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.199] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.258] SetEvent (hEvent=0x260) returned 1 [0100.258] SetEvent (hEvent=0x26c) returned 1 [0100.258] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\opzgr0g4ckxjb.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc67f9520, ftCreationTime.dwHighDateTime=0x1d6fcf7, ftLastAccessTime.dwLowDateTime=0x725ced10, ftLastAccessTime.dwHighDateTime=0x1d6ff1f, ftLastWriteTime.dwLowDateTime=0x725ced10, ftLastWriteTime.dwHighDateTime=0x1d6ff1f, nFileSizeHigh=0x0, nFileSizeLow=0x9383)) returned 1 [0100.258] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\opzgr0g4ckxjb.mkv")) returned 0x20 [0100.258] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv", dwFileAttributes=0x20) returned 1 [0100.259] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\opzgr0g4ckxjb.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.259] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0100.259] GetFileType (hFile=0x274) returned 0x1 [0100.259] GetFileType (hFile=0x274) returned 0x1 [0100.259] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.259] ReadFile (in: hFile=0x274, lpBuffer=0x12900068, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900068*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0100.259] SystemFunction036 (in: RandomBuffer=0x12d3a258, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a258) returned 1 [0100.259] SystemFunction036 (in: RandomBuffer=0x12d3a268, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a268) returned 1 [0100.259] GetFileType (hFile=0x274) returned 0x1 [0100.259] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.259] ReadFile (in: hFile=0x274, lpBuffer=0x12d56000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12d56000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.260] GetFileType (hFile=0x274) returned 0x1 [0100.260] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.260] WriteFile (in: hFile=0x274, lpBuffer=0x12d5a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12d5a000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.260] GetFileType (hFile=0x274) returned 0x1 [0100.260] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.260] SystemFunction036 (in: RandomBuffer=0x12d48301, RandomBufferLength=0x40 | out: RandomBuffer=0x12d48301) returned 1 [0100.260] WriteFile (in: hFile=0x274, lpBuffer=0x129000c4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x129000c4*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0100.260] WriteFile (in: hFile=0x274, lpBuffer=0x12d48400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12d48400*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0100.261] CloseHandle (hObject=0x274) returned 1 [0100.262] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\opzgr0g4ckxjb.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\opzgr0g4ckxjb.mkv.crypted"), dwFlags=0x1) returned 1 [0100.263] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\opzgr0g4ckxjb.mkv")) returned 0xffffffff [0100.263] VirtualFree (lpAddress=0x12db2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.264] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.349] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.388] VirtualFree (lpAddress=0x12dae000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.389] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\jtax.avi"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda83c430, ftCreationTime.dwHighDateTime=0x1d70722, ftLastAccessTime.dwLowDateTime=0x76d614b0, ftLastAccessTime.dwHighDateTime=0x1d70989, ftLastWriteTime.dwLowDateTime=0x76d614b0, ftLastWriteTime.dwHighDateTime=0x1d70989, nFileSizeHigh=0x0, nFileSizeLow=0x16b2f)) returned 1 [0100.389] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\jtax.avi")) returned 0x20 [0100.389] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi", dwFileAttributes=0x20) returned 1 [0100.389] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\jtax.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0100.390] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0100.390] GetFileType (hFile=0x2fc) returned 0x1 [0100.390] GetFileType (hFile=0x2fc) returned 0x1 [0100.390] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.390] ReadFile (in: hFile=0x2fc, lpBuffer=0x1288a2d4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a2d4*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0100.390] SystemFunction036 (in: RandomBuffer=0x12cd8a78, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8a78) returned 1 [0100.390] SystemFunction036 (in: RandomBuffer=0x12cd8a88, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8a88) returned 1 [0100.390] GetFileType (hFile=0x2fc) returned 0x1 [0100.390] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.390] ReadFile (in: hFile=0x2fc, lpBuffer=0x1291e000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x1291e000*, lpNumberOfBytesRead=0x12837e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.390] GetFileType (hFile=0x2fc) returned 0x1 [0100.390] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.391] WriteFile (in: hFile=0x2fc, lpBuffer=0x12932000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x12932000*, lpNumberOfBytesWritten=0x12837e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.391] GetFileType (hFile=0x2fc) returned 0x1 [0100.391] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.391] SystemFunction036 (in: RandomBuffer=0x12cf7401, RandomBufferLength=0x40 | out: RandomBuffer=0x12cf7401) returned 1 [0100.391] WriteFile (in: hFile=0x2fc, lpBuffer=0x1288a330*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a330*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0100.391] WriteFile (in: hFile=0x2fc, lpBuffer=0x12cf7500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12cf7500*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0100.391] CloseHandle (hObject=0x2fc) returned 1 [0100.394] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\jtax.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\jtax.avi.crypted"), dwFlags=0x1) returned 1 [0100.486] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\jtax.avi")) returned 0xffffffff [0100.486] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.518] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.624] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.672] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.703] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.768] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.805] SetEvent (hEvent=0x278) returned 1 [0100.805] SetEvent (hEvent=0x26c) returned 1 [0100.805] VirtualFree (lpAddress=0x12d9e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.805] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) returned 0x0 [0101.484] WaitForSingleObject (hHandle=0x1a4, dwMilliseconds=0xffffffff) Thread: id = 15 os_tid = 0x95c [0093.813] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x32feff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32feff28*=0x18c) returned 1 [0093.813] VirtualQuery (in: lpAddress=0x32feff38, lpBuffer=0x32feff38, dwLength=0x1c | out: lpBuffer=0x32feff38*(BaseAddress=0x32fef000, AllocationBase=0x32ef0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.813] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ivkiwu3f0ndhbawgqn.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12865c44 | out: lpFileInformation=0x12865c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ed34410, ftCreationTime.dwHighDateTime=0x1d70813, ftLastAccessTime.dwLowDateTime=0x633b6520, ftLastAccessTime.dwHighDateTime=0x1d7098b, ftLastWriteTime.dwLowDateTime=0x633b6520, ftLastWriteTime.dwHighDateTime=0x1d7098b, nFileSizeHigh=0x0, nFileSizeLow=0x1724)) returned 1 [0093.813] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ivkiwu3f0ndhbawgqn.m4a")) returned 0x20 [0093.813] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a", dwFileAttributes=0x20) returned 1 [0093.813] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ivkiwu3f0ndhbawgqn.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0093.813] GetConsoleMode (in: hConsoleHandle=0x190, lpMode=0x12865e88 | out: lpMode=0x12865e88) returned 0 [0093.813] GetFileType (hFile=0x190) returned 0x1 [0093.813] GetFileType (hFile=0x190) returned 0x1 [0093.813] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.813] ReadFile (in: hFile=0x190, lpBuffer=0x12810334, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12865d14, lpOverlapped=0x0 | out: lpBuffer=0x12810334*, lpNumberOfBytesRead=0x12865d14*=0x4, lpOverlapped=0x0) returned 1 [0093.814] SystemFunction036 (in: RandomBuffer=0x128165c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128165c8) returned 1 [0093.814] SystemFunction036 (in: RandomBuffer=0x128165d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128165d8) returned 1 [0093.814] VirtualAlloc (lpAddress=0x12a14000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a14000 [0093.814] GetFileType (hFile=0x190) returned 0x1 [0093.814] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0093.814] ReadFile (in: hFile=0x190, lpBuffer=0x12a14000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12865e80, lpOverlapped=0x0 | out: lpBuffer=0x12a14000*, lpNumberOfBytesRead=0x12865e80*=0x1724, lpOverlapped=0x0) returned 1 [0093.814] VirtualAlloc (lpAddress=0x12a18000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a18000 [0093.815] GetFileType (hFile=0x190) returned 0x1 [0093.815] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0093.815] WriteFile (in: hFile=0x190, lpBuffer=0x12a18000*, nNumberOfBytesToWrite=0x1730, lpNumberOfBytesWritten=0x12865e78, lpOverlapped=0x0 | out: lpBuffer=0x12a18000*, lpNumberOfBytesWritten=0x12865e78*=0x1730, lpOverlapped=0x0) returned 1 [0093.815] GetFileType (hFile=0x190) returned 0x1 [0093.815] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0093.815] SystemFunction036 (in: RandomBuffer=0x1287e301, RandomBufferLength=0x40 | out: RandomBuffer=0x1287e301) returned 1 [0093.815] WriteFile (in: hFile=0x190, lpBuffer=0x12810390*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x12810390*, lpNumberOfBytesWritten=0x12865d88*=0x4, lpOverlapped=0x0) returned 1 [0093.815] WriteFile (in: hFile=0x190, lpBuffer=0x1287e400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x1287e400*, lpNumberOfBytesWritten=0x12865d88*=0x100, lpOverlapped=0x0) returned 1 [0093.816] CloseHandle (hObject=0x190) returned 1 [0093.887] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x190 [0093.887] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x194 [0093.887] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0xffffffff) returned 0x0 [0093.897] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ivkiwu3f0ndhbawgqn.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ivkiwu3f0ndhbawgqn.m4a.crypted"), dwFlags=0x1) returned 1 [0094.605] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\IVKiwu3f0ndhBaWgQn.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ivkiwu3f0ndhbawgqn.m4a")) returned 0xffffffff [0094.668] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0xffffffff) returned 0x0 [0095.029] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\om7gesaaym_.swf"), fInfoLevelId=0x0, lpFileInformation=0x12b15c44 | out: lpFileInformation=0x12b15c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48137930, ftCreationTime.dwHighDateTime=0x1d70a31, ftLastAccessTime.dwLowDateTime=0x180365a0, ftLastAccessTime.dwHighDateTime=0x1d70a56, ftLastWriteTime.dwLowDateTime=0x180365a0, ftLastWriteTime.dwHighDateTime=0x1d70a56, nFileSizeHigh=0x0, nFileSizeLow=0xf910)) returned 1 [0095.029] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\om7gesaaym_.swf")) returned 0x20 [0095.029] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf", dwFileAttributes=0x20) returned 1 [0095.029] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\om7gesaaym_.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0095.029] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0x12b15e88 | out: lpMode=0x12b15e88) returned 0 [0095.029] GetFileType (hFile=0x204) returned 0x1 [0095.029] GetFileType (hFile=0x204) returned 0x1 [0095.029] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.030] ReadFile (in: hFile=0x204, lpBuffer=0x129009dc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b15d14, lpOverlapped=0x0 | out: lpBuffer=0x129009dc*, lpNumberOfBytesRead=0x12b15d14*=0x4, lpOverlapped=0x0) returned 1 [0095.030] SystemFunction036 (in: RandomBuffer=0x12931ba8, RandomBufferLength=0x10 | out: RandomBuffer=0x12931ba8) returned 1 [0095.030] SystemFunction036 (in: RandomBuffer=0x12931bb8, RandomBufferLength=0x10 | out: RandomBuffer=0x12931bb8) returned 1 [0095.030] VirtualAlloc (lpAddress=0x12af8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12af8000 [0095.030] GetFileType (hFile=0x204) returned 0x1 [0095.030] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0095.030] ReadFile (in: hFile=0x204, lpBuffer=0x12af8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b15e80, lpOverlapped=0x0 | out: lpBuffer=0x12af8000*, lpNumberOfBytesRead=0x12b15e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.030] VirtualAlloc (lpAddress=0x12afc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12afc000 [0095.031] GetFileType (hFile=0x204) returned 0x1 [0095.031] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0095.031] WriteFile (in: hFile=0x204, lpBuffer=0x12afc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b15e78, lpOverlapped=0x0 | out: lpBuffer=0x12afc000*, lpNumberOfBytesWritten=0x12b15e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.031] GetFileType (hFile=0x204) returned 0x1 [0095.031] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0095.031] SystemFunction036 (in: RandomBuffer=0x12ad9001, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad9001) returned 1 [0095.031] VirtualAlloc (lpAddress=0x12c80000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c80000 [0095.032] VirtualAlloc (lpAddress=0x12c82000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c82000 [0095.032] VirtualAlloc (lpAddress=0x12c84000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c84000 [0095.033] WriteFile (in: hFile=0x204, lpBuffer=0x12900a38*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x12900a38*, lpNumberOfBytesWritten=0x12b15d88*=0x4, lpOverlapped=0x0) returned 1 [0095.033] WriteFile (in: hFile=0x204, lpBuffer=0x12ad9100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x12ad9100*, lpNumberOfBytesWritten=0x12b15d88*=0x100, lpOverlapped=0x0) returned 1 [0095.033] CloseHandle (hObject=0x204) returned 1 [0095.078] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\om7gesaaym_.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\om7gesaaym_.swf.crypted"), dwFlags=0x1) returned 1 [0096.840] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\om7geSAayM_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\om7gesaaym_.swf")) returned 0xffffffff [0096.880] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0xffffffff) returned 0x0 [0096.903] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\veuqo6swh.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12b15c44 | out: lpFileInformation=0x12b15c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5139d610, ftCreationTime.dwHighDateTime=0x1d6fdae, ftLastAccessTime.dwLowDateTime=0x9bc2e330, ftLastAccessTime.dwHighDateTime=0x1d7047e, ftLastWriteTime.dwLowDateTime=0x9bc2e330, ftLastWriteTime.dwHighDateTime=0x1d7047e, nFileSizeHigh=0x0, nFileSizeLow=0x11620)) returned 1 [0096.903] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\veuqo6swh.mp3")) returned 0x20 [0096.903] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3", dwFileAttributes=0x20) returned 1 [0096.903] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\veuqo6swh.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0096.903] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0x12b15e88 | out: lpMode=0x12b15e88) returned 0 [0096.903] GetFileType (hFile=0x2d4) returned 0x1 [0096.904] GetFileType (hFile=0x2d4) returned 0x1 [0096.904] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.904] ReadFile (in: hFile=0x2d4, lpBuffer=0x1298e874, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b15d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e874*, lpNumberOfBytesRead=0x12b15d14*=0x4, lpOverlapped=0x0) returned 1 [0096.904] SystemFunction036 (in: RandomBuffer=0x129a2028, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2028) returned 1 [0096.904] SystemFunction036 (in: RandomBuffer=0x129a2038, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2038) returned 1 [0096.904] GetFileType (hFile=0x2d4) returned 0x1 [0096.904] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0096.904] ReadFile (in: hFile=0x2d4, lpBuffer=0x12b3a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b15e80, lpOverlapped=0x0 | out: lpBuffer=0x12b3a000*, lpNumberOfBytesRead=0x12b15e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.904] GetFileType (hFile=0x2d4) returned 0x1 [0096.904] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0096.904] WriteFile (in: hFile=0x2d4, lpBuffer=0x12b3e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b15e78, lpOverlapped=0x0 | out: lpBuffer=0x12b3e000*, lpNumberOfBytesWritten=0x12b15e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.905] GetFileType (hFile=0x2d4) returned 0x1 [0096.905] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0096.905] SystemFunction036 (in: RandomBuffer=0x12cedd01, RandomBufferLength=0x40 | out: RandomBuffer=0x12cedd01) returned 1 [0096.905] WriteFile (in: hFile=0x2d4, lpBuffer=0x1298e8d0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e8d0*, lpNumberOfBytesWritten=0x12b15d88*=0x4, lpOverlapped=0x0) returned 1 [0096.905] WriteFile (in: hFile=0x2d4, lpBuffer=0x12cede00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x12cede00*, lpNumberOfBytesWritten=0x12b15d88*=0x100, lpOverlapped=0x0) returned 1 [0096.905] CloseHandle (hObject=0x2d4) returned 1 [0096.911] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\veuqo6swh.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\veuqo6swh.mp3.crypted"), dwFlags=0x1) returned 1 [0096.911] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\veuqo6swh.mp3")) returned 0xffffffff [0096.911] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0xffffffff) returned 0x0 [0096.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\kzwl531.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15ffa330, ftCreationTime.dwHighDateTime=0x1d707e1, ftLastAccessTime.dwLowDateTime=0x9f4855a0, ftLastAccessTime.dwHighDateTime=0x1d709fe, ftLastWriteTime.dwLowDateTime=0x9f4855a0, ftLastWriteTime.dwHighDateTime=0x1d709fe, nFileSizeHigh=0x0, nFileSizeLow=0x2eae)) returned 1 [0096.969] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\kzwl531.mp3")) returned 0x20 [0096.969] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3", dwFileAttributes=0x20) returned 1 [0096.969] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\kzwl531.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0096.970] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.970] GetFileType (hFile=0x2d8) returned 0x1 [0096.970] GetFileType (hFile=0x2d8) returned 0x1 [0096.970] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.970] ReadFile (in: hFile=0x2d8, lpBuffer=0x1288a74c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a74c*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.970] SystemFunction036 (in: RandomBuffer=0x12930118, RandomBufferLength=0x10 | out: RandomBuffer=0x12930118) returned 1 [0096.970] SystemFunction036 (in: RandomBuffer=0x12930128, RandomBufferLength=0x10 | out: RandomBuffer=0x12930128) returned 1 [0096.970] GetFileType (hFile=0x2d8) returned 0x1 [0096.970] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.970] ReadFile (in: hFile=0x2d8, lpBuffer=0x12a18000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12a18000*, lpNumberOfBytesRead=0x12d89e80*=0x2eae, lpOverlapped=0x0) returned 1 [0096.970] GetFileType (hFile=0x2d8) returned 0x1 [0096.971] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.971] WriteFile (in: hFile=0x2d8, lpBuffer=0x12df1000*, nNumberOfBytesToWrite=0x2eb0, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12df1000*, lpNumberOfBytesWritten=0x12d89e78*=0x2eb0, lpOverlapped=0x0) returned 1 [0096.971] GetFileType (hFile=0x2d8) returned 0x1 [0096.971] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.971] SystemFunction036 (in: RandomBuffer=0x128c4c01, RandomBufferLength=0x40 | out: RandomBuffer=0x128c4c01) returned 1 [0096.971] WriteFile (in: hFile=0x2d8, lpBuffer=0x1288a7a8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a7a8*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.971] WriteFile (in: hFile=0x2d8, lpBuffer=0x128c4d00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x128c4d00*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.971] CloseHandle (hObject=0x2d8) returned 1 [0096.973] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\kzwl531.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\kzwl531.mp3.crypted"), dwFlags=0x1) returned 1 [0096.974] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\kzwl531.mp3")) returned 0xffffffff [0096.974] WaitForSingleObject (hHandle=0x190, dwMilliseconds=0xffffffff) Thread: id = 16 os_tid = 0x9e0 [0093.856] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3312ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3312ff28*=0x178) returned 1 [0093.856] VirtualQuery (in: lpAddress=0x3312ff38, lpBuffer=0x3312ff38, dwLength=0x1c | out: lpBuffer=0x3312ff38*(BaseAddress=0x3312f000, AllocationBase=0x33030000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.856] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296e480, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x190 [0093.857] CloseHandle (hObject=0x190) returned 1 [0093.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kwcslr8.m4a"), fInfoLevelId=0x0, lpFileInformation=0x1285fc44 | out: lpFileInformation=0x1285fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed4e49a0, ftCreationTime.dwHighDateTime=0x1d7038a, ftLastAccessTime.dwLowDateTime=0x40ceab10, ftLastAccessTime.dwHighDateTime=0x1d706f1, ftLastWriteTime.dwLowDateTime=0x40ceab10, ftLastWriteTime.dwHighDateTime=0x1d706f1, nFileSizeHigh=0x0, nFileSizeLow=0xb050)) returned 1 [0093.857] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kwcslr8.m4a")) returned 0x20 [0093.857] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a", dwFileAttributes=0x20) returned 1 [0093.857] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kwcslr8.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0093.857] GetConsoleMode (in: hConsoleHandle=0x190, lpMode=0x1285fe88 | out: lpMode=0x1285fe88) returned 0 [0093.857] GetFileType (hFile=0x190) returned 0x1 [0093.857] GetFileType (hFile=0x190) returned 0x1 [0093.857] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.857] ReadFile (in: hFile=0x190, lpBuffer=0x129005bc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x1285fd14, lpOverlapped=0x0 | out: lpBuffer=0x129005bc*, lpNumberOfBytesRead=0x1285fd14*=0x4, lpOverlapped=0x0) returned 1 [0093.858] SystemFunction036 (in: RandomBuffer=0x12930e88, RandomBufferLength=0x10 | out: RandomBuffer=0x12930e88) returned 1 [0093.858] SystemFunction036 (in: RandomBuffer=0x12930e98, RandomBufferLength=0x10 | out: RandomBuffer=0x12930e98) returned 1 [0093.858] VirtualAlloc (lpAddress=0x1297a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x1297a000 [0093.858] GetFileType (hFile=0x190) returned 0x1 [0093.858] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0093.858] ReadFile (in: hFile=0x190, lpBuffer=0x1297a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x1285fe80, lpOverlapped=0x0 | out: lpBuffer=0x1297a000*, lpNumberOfBytesRead=0x1285fe80*=0x4000, lpOverlapped=0x0) returned 1 [0093.858] VirtualAlloc (lpAddress=0x12a8e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a8e000 [0093.859] GetFileType (hFile=0x190) returned 0x1 [0093.859] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0093.859] WriteFile (in: hFile=0x190, lpBuffer=0x12a8e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1285fe78, lpOverlapped=0x0 | out: lpBuffer=0x12a8e000*, lpNumberOfBytesWritten=0x1285fe78*=0x4000, lpOverlapped=0x0) returned 1 [0093.859] GetFileType (hFile=0x190) returned 0x1 [0093.859] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0093.859] SystemFunction036 (in: RandomBuffer=0x12950901, RandomBufferLength=0x40 | out: RandomBuffer=0x12950901) returned 1 [0093.859] VirtualAlloc (lpAddress=0x1297e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x1297e000 [0093.860] WriteFile (in: hFile=0x190, lpBuffer=0x12900618*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x1285fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900618*, lpNumberOfBytesWritten=0x1285fd88*=0x4, lpOverlapped=0x0) returned 1 [0093.860] WriteFile (in: hFile=0x190, lpBuffer=0x12950a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x1285fd88, lpOverlapped=0x0 | out: lpBuffer=0x12950a00*, lpNumberOfBytesWritten=0x1285fd88*=0x100, lpOverlapped=0x0) returned 1 [0093.860] CloseHandle (hObject=0x190) returned 1 [0093.974] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1b0 [0093.974] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1b4 [0093.974] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0094.001] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kwcslr8.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kwcslr8.m4a.crypted"), dwFlags=0x1) returned 1 [0094.744] SetEvent (hEvent=0x13c) returned 1 [0094.744] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KWcSlr8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kwcslr8.m4a")) returned 0xffffffff [0094.747] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0094.866] SetEvent (hEvent=0xfc) returned 1 [0094.866] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0094.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\n0_feaovlpx4idgjgs.wav"), fInfoLevelId=0x0, lpFileInformation=0x129d3c44 | out: lpFileInformation=0x129d3c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2fc0680, ftCreationTime.dwHighDateTime=0x1d70047, ftLastAccessTime.dwLowDateTime=0xc837ce20, ftLastAccessTime.dwHighDateTime=0x1d70a79, ftLastWriteTime.dwLowDateTime=0xc837ce20, ftLastWriteTime.dwHighDateTime=0x1d70a79, nFileSizeHigh=0x0, nFileSizeLow=0x13689)) returned 1 [0094.924] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\n0_feaovlpx4idgjgs.wav")) returned 0x20 [0094.952] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav", dwFileAttributes=0x20) returned 1 [0094.953] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\n0_feaovlpx4idgjgs.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0094.953] GetConsoleMode (in: hConsoleHandle=0x220, lpMode=0x129d3e88 | out: lpMode=0x129d3e88) returned 0 [0094.953] GetFileType (hFile=0x220) returned 0x1 [0094.953] GetFileType (hFile=0x220) returned 0x1 [0094.953] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.953] ReadFile (in: hFile=0x220, lpBuffer=0x1288b5fc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d3d14, lpOverlapped=0x0 | out: lpBuffer=0x1288b5fc*, lpNumberOfBytesRead=0x129d3d14*=0x4, lpOverlapped=0x0) returned 1 [0094.953] SystemFunction036 (in: RandomBuffer=0x128cd978, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd978) returned 1 [0094.953] SystemFunction036 (in: RandomBuffer=0x128cd988, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd988) returned 1 [0094.953] VirtualAlloc (lpAddress=0x12b56000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b56000 [0094.954] GetFileType (hFile=0x220) returned 0x1 [0094.954] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.954] ReadFile (in: hFile=0x220, lpBuffer=0x12b56000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d3e80, lpOverlapped=0x0 | out: lpBuffer=0x12b56000*, lpNumberOfBytesRead=0x129d3e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.954] VirtualAlloc (lpAddress=0x12b5a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b5a000 [0094.955] GetFileType (hFile=0x220) returned 0x1 [0094.955] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.955] WriteFile (in: hFile=0x220, lpBuffer=0x12b5a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129d3e78, lpOverlapped=0x0 | out: lpBuffer=0x12b5a000*, lpNumberOfBytesWritten=0x129d3e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.955] GetFileType (hFile=0x220) returned 0x1 [0094.955] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d3e9c | out: lpNewFilePointer=0x0) returned 1 [0094.955] SystemFunction036 (in: RandomBuffer=0x12b52701, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52701) returned 1 [0094.955] VirtualAlloc (lpAddress=0x12b5e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b5e000 [0094.956] WriteFile (in: hFile=0x220, lpBuffer=0x1288b658*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d3d88, lpOverlapped=0x0 | out: lpBuffer=0x1288b658*, lpNumberOfBytesWritten=0x129d3d88*=0x4, lpOverlapped=0x0) returned 1 [0094.956] WriteFile (in: hFile=0x220, lpBuffer=0x12b52800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d3d88, lpOverlapped=0x0 | out: lpBuffer=0x12b52800*, lpNumberOfBytesWritten=0x129d3d88*=0x100, lpOverlapped=0x0) returned 1 [0094.956] CloseHandle (hObject=0x220) returned 1 [0094.977] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0094.996] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\n0_feaovlpx4idgjgs.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\n0_feaovlpx4idgjgs.wav.crypted"), dwFlags=0x1) returned 1 [0096.547] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0096.563] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\n0_FeAoVLpX4idGJgs.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\n0_feaovlpx4idgjgs.wav")) returned 0xffffffff [0096.610] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0096.638] SetEvent (hEvent=0x19c) returned 1 [0096.638] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0096.771] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lyjqolng68ijaokql90y.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd94fa800, ftCreationTime.dwHighDateTime=0x1d70514, ftLastAccessTime.dwLowDateTime=0xf21bf230, ftLastAccessTime.dwHighDateTime=0x1d70a78, ftLastWriteTime.dwLowDateTime=0xf21bf230, ftLastWriteTime.dwHighDateTime=0x1d70a78, nFileSizeHigh=0x0, nFileSizeLow=0xe8f5)) returned 1 [0096.771] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lyjqolng68ijaokql90y.mp3")) returned 0x20 [0096.771] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3", dwFileAttributes=0x20) returned 1 [0096.772] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lyjqolng68ijaokql90y.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0096.772] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0x12913e88 | out: lpMode=0x12913e88) returned 0 [0096.772] GetFileType (hFile=0x1c0) returned 0x1 [0096.772] GetFileType (hFile=0x1c0) returned 0x1 [0096.772] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.772] ReadFile (in: hFile=0x1c0, lpBuffer=0x12900350, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12913d14, lpOverlapped=0x0 | out: lpBuffer=0x12900350*, lpNumberOfBytesRead=0x12913d14*=0x4, lpOverlapped=0x0) returned 1 [0096.772] SystemFunction036 (in: RandomBuffer=0x12c91478, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91478) returned 1 [0096.772] SystemFunction036 (in: RandomBuffer=0x12c91488, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91488) returned 1 [0096.772] GetFileType (hFile=0x1c0) returned 0x1 [0096.772] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.772] ReadFile (in: hFile=0x1c0, lpBuffer=0x12a8a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12913e80, lpOverlapped=0x0 | out: lpBuffer=0x12a8a000*, lpNumberOfBytesRead=0x12913e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.773] GetFileType (hFile=0x1c0) returned 0x1 [0096.773] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.773] WriteFile (in: hFile=0x1c0, lpBuffer=0x12a8e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12913e78, lpOverlapped=0x0 | out: lpBuffer=0x12a8e000*, lpNumberOfBytesWritten=0x12913e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.773] GetFileType (hFile=0x1c0) returned 0x1 [0096.773] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.773] SystemFunction036 (in: RandomBuffer=0x12c73a01, RandomBufferLength=0x40 | out: RandomBuffer=0x12c73a01) returned 1 [0096.774] WriteFile (in: hFile=0x1c0, lpBuffer=0x129003ac*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x129003ac*, lpNumberOfBytesWritten=0x12913d88*=0x4, lpOverlapped=0x0) returned 1 [0096.774] WriteFile (in: hFile=0x1c0, lpBuffer=0x12c73b00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x12c73b00*, lpNumberOfBytesWritten=0x12913d88*=0x100, lpOverlapped=0x0) returned 1 [0096.774] CloseHandle (hObject=0x1c0) returned 1 [0096.778] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lyjqolng68ijaokql90y.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lyjqolng68ijaokql90y.mp3.crypted"), dwFlags=0x1) returned 1 [0096.778] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lyjqolng68ijaokql90y.mp3")) returned 0xffffffff [0096.778] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x15, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0096.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\6lv1sbkk-d3xjvtwm.wav"), fInfoLevelId=0x0, lpFileInformation=0x12a6bc44 | out: lpFileInformation=0x12a6bc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x595ca330, ftCreationTime.dwHighDateTime=0x1d70061, ftLastAccessTime.dwLowDateTime=0x40c3300, ftLastAccessTime.dwHighDateTime=0x1d700e8, ftLastWriteTime.dwLowDateTime=0x40c3300, ftLastWriteTime.dwHighDateTime=0x1d700e8, nFileSizeHigh=0x0, nFileSizeLow=0x15ee9)) returned 1 [0096.816] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\6lv1sbkk-d3xjvtwm.wav")) returned 0x20 [0096.816] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav", dwFileAttributes=0x20) returned 1 [0096.816] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\6lv1sbkk-d3xjvtwm.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0096.816] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0x12a6be88 | out: lpMode=0x12a6be88) returned 0 [0096.816] GetFileType (hFile=0x2c4) returned 0x1 [0096.816] GetFileType (hFile=0x2c4) returned 0x1 [0096.816] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.816] ReadFile (in: hFile=0x2c4, lpBuffer=0x1298e800, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6bd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e800*, lpNumberOfBytesRead=0x12a6bd14*=0x4, lpOverlapped=0x0) returned 1 [0096.816] SystemFunction036 (in: RandomBuffer=0x12be5ec8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5ec8) returned 1 [0096.817] SystemFunction036 (in: RandomBuffer=0x12be5ed8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5ed8) returned 1 [0096.817] GetFileType (hFile=0x2c4) returned 0x1 [0096.817] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.817] ReadFile (in: hFile=0x2c4, lpBuffer=0x129fa000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6be80, lpOverlapped=0x0 | out: lpBuffer=0x129fa000*, lpNumberOfBytesRead=0x12a6be80*=0x4000, lpOverlapped=0x0) returned 1 [0096.817] GetFileType (hFile=0x2c4) returned 0x1 [0096.817] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.817] WriteFile (in: hFile=0x2c4, lpBuffer=0x12b20000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6be78, lpOverlapped=0x0 | out: lpBuffer=0x12b20000*, lpNumberOfBytesWritten=0x12a6be78*=0x4000, lpOverlapped=0x0) returned 1 [0096.817] GetFileType (hFile=0x2c4) returned 0x1 [0096.817] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.817] ReadFile (in: hFile=0x2c4, lpBuffer=0x129fa000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6be80, lpOverlapped=0x0 | out: lpBuffer=0x129fa000*, lpNumberOfBytesRead=0x12a6be80*=0x4000, lpOverlapped=0x0) returned 1 [0096.818] GetFileType (hFile=0x2c4) returned 0x1 [0096.818] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.818] WriteFile (in: hFile=0x2c4, lpBuffer=0x12b24000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6be78, lpOverlapped=0x0 | out: lpBuffer=0x12b24000*, lpNumberOfBytesWritten=0x12a6be78*=0x4000, lpOverlapped=0x0) returned 1 [0096.818] GetFileType (hFile=0x2c4) returned 0x1 [0096.818] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6be9c | out: lpNewFilePointer=0x0) returned 1 [0096.818] SystemFunction036 (in: RandomBuffer=0x12ceda01, RandomBufferLength=0x40 | out: RandomBuffer=0x12ceda01) returned 1 [0096.818] WriteFile (in: hFile=0x2c4, lpBuffer=0x1298e86c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6bd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e86c*, lpNumberOfBytesWritten=0x12a6bd88*=0x4, lpOverlapped=0x0) returned 1 [0096.819] WriteFile (in: hFile=0x2c4, lpBuffer=0x12cedb00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6bd88, lpOverlapped=0x0 | out: lpBuffer=0x12cedb00*, lpNumberOfBytesWritten=0x12a6bd88*=0x100, lpOverlapped=0x0) returned 1 [0096.819] CloseHandle (hObject=0x2c4) returned 1 [0096.821] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\6lv1sbkk-d3xjvtwm.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\6lv1sbkk-d3xjvtwm.wav.crypted"), dwFlags=0x1) returned 1 [0096.822] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\6lv1sbkk-d3xjvtwm.wav")) returned 0xffffffff [0096.822] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x1e, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0096.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\pz3cyozfq.wav"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x180f5d70, ftCreationTime.dwHighDateTime=0x1d7009b, ftLastAccessTime.dwLowDateTime=0x5ec28280, ftLastAccessTime.dwHighDateTime=0x1d7010c, ftLastWriteTime.dwLowDateTime=0x5ec28280, ftLastWriteTime.dwHighDateTime=0x1d7010c, nFileSizeHigh=0x0, nFileSizeLow=0x15b16)) returned 1 [0096.871] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\pz3cyozfq.wav")) returned 0x20 [0096.871] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav", dwFileAttributes=0x20) returned 1 [0096.871] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\pz3cyozfq.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0096.871] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0x12913e88 | out: lpMode=0x12913e88) returned 0 [0096.871] GetFileType (hFile=0x2d4) returned 0x1 [0096.871] GetFileType (hFile=0x2d4) returned 0x1 [0096.871] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.872] ReadFile (in: hFile=0x2d4, lpBuffer=0x12900418, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12913d14, lpOverlapped=0x0 | out: lpBuffer=0x12900418*, lpNumberOfBytesRead=0x12913d14*=0x4, lpOverlapped=0x0) returned 1 [0096.872] SystemFunction036 (in: RandomBuffer=0x12c916f8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c916f8) returned 1 [0096.872] SystemFunction036 (in: RandomBuffer=0x12c91708, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91708) returned 1 [0096.872] GetFileType (hFile=0x2d4) returned 0x1 [0096.872] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.872] ReadFile (in: hFile=0x2d4, lpBuffer=0x12aa6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12913e80, lpOverlapped=0x0 | out: lpBuffer=0x12aa6000*, lpNumberOfBytesRead=0x12913e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.872] GetFileType (hFile=0x2d4) returned 0x1 [0096.872] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.872] WriteFile (in: hFile=0x2d4, lpBuffer=0x12aaa000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12913e78, lpOverlapped=0x0 | out: lpBuffer=0x12aaa000*, lpNumberOfBytesWritten=0x12913e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.872] GetFileType (hFile=0x2d4) returned 0x1 [0096.872] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.873] SystemFunction036 (in: RandomBuffer=0x12aa2101, RandomBufferLength=0x40 | out: RandomBuffer=0x12aa2101) returned 1 [0096.873] WriteFile (in: hFile=0x2d4, lpBuffer=0x12900474*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x12900474*, lpNumberOfBytesWritten=0x12913d88*=0x4, lpOverlapped=0x0) returned 1 [0096.873] WriteFile (in: hFile=0x2d4, lpBuffer=0x12aa2200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x12aa2200*, lpNumberOfBytesWritten=0x12913d88*=0x100, lpOverlapped=0x0) returned 1 [0096.873] CloseHandle (hObject=0x2d4) returned 1 [0096.879] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\pz3cyozfq.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\pz3cyozfq.wav.crypted"), dwFlags=0x1) returned 1 [0096.879] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\pz3cyozfq.wav")) returned 0xffffffff [0096.879] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x20, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0096.961] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x63, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0097.083] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x1b, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0097.115] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x36, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0097.196] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x21, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0097.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\-d7dgegff4j3krjnw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x129cfc44 | out: lpFileInformation=0x129cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2497ff0, ftCreationTime.dwHighDateTime=0x1d6fb5f, ftLastAccessTime.dwLowDateTime=0x2e18120, ftLastAccessTime.dwHighDateTime=0x1d708a8, ftLastWriteTime.dwLowDateTime=0x2e18120, ftLastWriteTime.dwHighDateTime=0x1d708a8, nFileSizeHigh=0x0, nFileSizeLow=0xa636)) returned 1 [0097.253] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\-d7dgegff4j3krjnw.mp3")) returned 0x20 [0097.253] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3", dwFileAttributes=0x20) returned 1 [0097.253] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\-d7dgegff4j3krjnw.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.253] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x129cfe88 | out: lpMode=0x129cfe88) returned 0 [0097.253] GetFileType (hFile=0x2fc) returned 0x1 [0097.253] GetFileType (hFile=0x2fc) returned 0x1 [0097.253] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.253] ReadFile (in: hFile=0x2fc, lpBuffer=0x128100b8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129cfd14, lpOverlapped=0x0 | out: lpBuffer=0x128100b8*, lpNumberOfBytesRead=0x129cfd14*=0x4, lpOverlapped=0x0) returned 1 [0097.253] SystemFunction036 (in: RandomBuffer=0x129a22f8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a22f8) returned 1 [0097.253] SystemFunction036 (in: RandomBuffer=0x129a2308, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2308) returned 1 [0097.253] GetFileType (hFile=0x2fc) returned 0x1 [0097.253] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.254] ReadFile (in: hFile=0x2fc, lpBuffer=0x12aee000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129cfe80, lpOverlapped=0x0 | out: lpBuffer=0x12aee000*, lpNumberOfBytesRead=0x129cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0097.254] GetFileType (hFile=0x2fc) returned 0x1 [0097.254] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.254] WriteFile (in: hFile=0x2fc, lpBuffer=0x12af2000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129cfe78, lpOverlapped=0x0 | out: lpBuffer=0x12af2000*, lpNumberOfBytesWritten=0x129cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0097.254] GetFileType (hFile=0x2fc) returned 0x1 [0097.254] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.254] SystemFunction036 (in: RandomBuffer=0x1295e401, RandomBufferLength=0x40 | out: RandomBuffer=0x1295e401) returned 1 [0097.255] WriteFile (in: hFile=0x2fc, lpBuffer=0x12810114*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x12810114*, lpNumberOfBytesWritten=0x129cfd88*=0x4, lpOverlapped=0x0) returned 1 [0097.255] WriteFile (in: hFile=0x2fc, lpBuffer=0x1295e500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1295e500*, lpNumberOfBytesWritten=0x129cfd88*=0x100, lpOverlapped=0x0) returned 1 [0097.255] CloseHandle (hObject=0x2fc) returned 1 [0097.257] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\-d7dgegff4j3krjnw.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\-d7dgegff4j3krjnw.mp3.crypted"), dwFlags=0x1) returned 1 [0097.257] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\-d7dgegff4j3krjnw.mp3")) returned 0xffffffff [0097.258] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x1f, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0097.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\kul1w-h.wav"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x332d97b0, ftCreationTime.dwHighDateTime=0x1d6fdcc, ftLastAccessTime.dwLowDateTime=0xa1c34520, ftLastAccessTime.dwHighDateTime=0x1d706e7, ftLastWriteTime.dwLowDateTime=0xa1c34520, ftLastWriteTime.dwHighDateTime=0x1d706e7, nFileSizeHigh=0x0, nFileSizeLow=0x69b8)) returned 1 [0097.307] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\kul1w-h.wav")) returned 0x20 [0097.307] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav", dwFileAttributes=0x20) returned 1 [0097.307] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\kul1w-h.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.307] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.307] GetFileType (hFile=0x274) returned 0x1 [0097.307] GetFileType (hFile=0x274) returned 0x1 [0097.307] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.308] ReadFile (in: hFile=0x274, lpBuffer=0x1298e130, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e130*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.308] SystemFunction036 (in: RandomBuffer=0x128cc5c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc5c8) returned 1 [0097.308] SystemFunction036 (in: RandomBuffer=0x128cc5d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc5d8) returned 1 [0097.308] GetFileType (hFile=0x274) returned 0x1 [0097.308] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.308] ReadFile (in: hFile=0x274, lpBuffer=0x12b5e000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b5e000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.308] GetFileType (hFile=0x274) returned 0x1 [0097.308] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.308] WriteFile (in: hFile=0x274, lpBuffer=0x12b62000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12b62000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.308] GetFileType (hFile=0x274) returned 0x1 [0097.308] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.309] SystemFunction036 (in: RandomBuffer=0x12d9ef01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9ef01) returned 1 [0097.309] WriteFile (in: hFile=0x274, lpBuffer=0x1298e18c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e18c*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.309] WriteFile (in: hFile=0x274, lpBuffer=0x12d9f000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9f000*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.310] CloseHandle (hObject=0x274) returned 1 [0097.314] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\kul1w-h.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\kul1w-h.wav.crypted"), dwFlags=0x1) returned 1 [0097.314] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\kul1w-h.wav")) returned 0xffffffff [0097.315] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3312fa04, ulCount=0x10, ulNumEntriesRemoved=0x3312f9ec, dwMilliseconds=0x1e, fAlertable=0 | out: lpCompletionPortEntries=0x3312fa04, ulNumEntriesRemoved=0x3312f9ec) returned 0 [0097.368] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0097.437] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) returned 0x0 [0097.450] SetEvent (hEvent=0x234) returned 1 [0097.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\ujenvfuz-oajdo.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9bfadba0, ftCreationTime.dwHighDateTime=0x1d70398, ftLastAccessTime.dwLowDateTime=0xa758c140, ftLastAccessTime.dwHighDateTime=0x1d70895, ftLastWriteTime.dwLowDateTime=0xa758c140, ftLastWriteTime.dwHighDateTime=0x1d70895, nFileSizeHigh=0x0, nFileSizeLow=0x123e9)) returned 1 [0097.450] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\ujenvfuz-oajdo.m4a")) returned 0x20 [0097.450] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a", dwFileAttributes=0x20) returned 1 [0097.450] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\ujenvfuz-oajdo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a4 [0097.451] GetConsoleMode (in: hConsoleHandle=0x2a4, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.451] GetFileType (hFile=0x2a4) returned 0x1 [0097.451] GetFileType (hFile=0x2a4) returned 0x1 [0097.451] SetFilePointerEx (in: hFile=0x2a4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.451] ReadFile (in: hFile=0x2a4, lpBuffer=0x1298e1f8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e1f8*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.451] SystemFunction036 (in: RandomBuffer=0x128cc8e8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc8e8) returned 1 [0097.451] SystemFunction036 (in: RandomBuffer=0x128cc8f8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc8f8) returned 1 [0097.451] GetFileType (hFile=0x2a4) returned 0x1 [0097.451] SetFilePointerEx (in: hFile=0x2a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.451] ReadFile (in: hFile=0x2a4, lpBuffer=0x12b74000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b74000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.451] GetFileType (hFile=0x2a4) returned 0x1 [0097.451] SetFilePointerEx (in: hFile=0x2a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.451] WriteFile (in: hFile=0x2a4, lpBuffer=0x12b78000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12b78000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.452] GetFileType (hFile=0x2a4) returned 0x1 [0097.452] SetFilePointerEx (in: hFile=0x2a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.452] SystemFunction036 (in: RandomBuffer=0x12d9f501, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9f501) returned 1 [0097.452] WriteFile (in: hFile=0x2a4, lpBuffer=0x1298e254*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e254*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.452] WriteFile (in: hFile=0x2a4, lpBuffer=0x12d9f600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9f600*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.452] CloseHandle (hObject=0x2a4) returned 1 [0097.454] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\ujenvfuz-oajdo.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\ujenvfuz-oajdo.m4a.crypted"), dwFlags=0x1) returned 1 [0097.458] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\ujenvfuz-oajdo.m4a")) returned 0xffffffff [0097.458] WaitForSingleObject (hHandle=0x1b0, dwMilliseconds=0xffffffff) Thread: id = 17 os_tid = 0x9b0 [0093.895] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3326ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3326ff28*=0x198) returned 1 [0093.895] VirtualQuery (in: lpAddress=0x3326ff38, lpBuffer=0x3326ff38, dwLength=0x1c | out: lpBuffer=0x3326ff38*(BaseAddress=0x3326f000, AllocationBase=0x33170000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.895] SetEvent (hEvent=0x190) returned 1 [0093.895] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x19c [0093.895] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1a0 [0093.895] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0093.983] SetEvent (hEvent=0x16c) returned 1 [0093.983] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0093.996] SetEvent (hEvent=0x1b0) returned 1 [0093.996] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0094.002] SetEvent (hEvent=0xfc) returned 1 [0094.002] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0094.014] SetEvent (hEvent=0x1d0) returned 1 [0094.014] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0094.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\snvv951pwu.png"), fInfoLevelId=0x0, lpFileInformation=0x129d5c44 | out: lpFileInformation=0x129d5c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x142c29a0, ftCreationTime.dwHighDateTime=0x1d6fbd6, ftLastAccessTime.dwLowDateTime=0x2a757690, ftLastAccessTime.dwHighDateTime=0x1d701f7, ftLastWriteTime.dwLowDateTime=0x2a757690, ftLastWriteTime.dwHighDateTime=0x1d701f7, nFileSizeHigh=0x0, nFileSizeLow=0x992f)) returned 1 [0094.030] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\snvv951pwu.png")) returned 0x20 [0094.030] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png", dwFileAttributes=0x20) returned 1 [0094.030] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\snvv951pwu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0094.030] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0x129d5e88 | out: lpMode=0x129d5e88) returned 0 [0094.030] GetFileType (hFile=0x1e8) returned 0x1 [0094.030] GetFileType (hFile=0x1e8) returned 0x1 [0094.030] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.030] ReadFile (in: hFile=0x1e8, lpBuffer=0x1298e1c0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d5d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e1c0*, lpNumberOfBytesRead=0x129d5d14*=0x4, lpOverlapped=0x0) returned 1 [0094.031] SystemFunction036 (in: RandomBuffer=0x129a25c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a25c8) returned 1 [0094.031] SystemFunction036 (in: RandomBuffer=0x129a25d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a25d8) returned 1 [0094.031] VirtualAlloc (lpAddress=0x129d8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129d8000 [0094.031] GetFileType (hFile=0x1e8) returned 0x1 [0094.031] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0094.031] ReadFile (in: hFile=0x1e8, lpBuffer=0x129d8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d5e80, lpOverlapped=0x0 | out: lpBuffer=0x129d8000*, lpNumberOfBytesRead=0x129d5e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.031] VirtualAlloc (lpAddress=0x129dc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129dc000 [0094.032] GetFileType (hFile=0x1e8) returned 0x1 [0094.032] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0094.032] WriteFile (in: hFile=0x1e8, lpBuffer=0x129dc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129d5e78, lpOverlapped=0x0 | out: lpBuffer=0x129dc000*, lpNumberOfBytesWritten=0x129d5e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.032] GetFileType (hFile=0x1e8) returned 0x1 [0094.032] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0094.032] SystemFunction036 (in: RandomBuffer=0x129b8601, RandomBufferLength=0x40 | out: RandomBuffer=0x129b8601) returned 1 [0094.033] WriteFile (in: hFile=0x1e8, lpBuffer=0x1298e21c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e21c*, lpNumberOfBytesWritten=0x129d5d88*=0x4, lpOverlapped=0x0) returned 1 [0094.033] WriteFile (in: hFile=0x1e8, lpBuffer=0x129b8700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x129b8700*, lpNumberOfBytesWritten=0x129d5d88*=0x100, lpOverlapped=0x0) returned 1 [0094.033] CloseHandle (hObject=0x1e8) returned 1 [0094.085] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0094.136] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\snvv951pwu.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\snvv951pwu.png.crypted"), dwFlags=0x1) returned 1 [0094.867] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SnvV951PWU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\snvv951pwu.png")) returned 0xffffffff [0094.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mwsshgr5foi zdg0.csv"), fInfoLevelId=0x0, lpFileInformation=0x129d5c44 | out: lpFileInformation=0x129d5c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67dd1a10, ftCreationTime.dwHighDateTime=0x1d704a4, ftLastAccessTime.dwLowDateTime=0xffd0e810, ftLastAccessTime.dwHighDateTime=0x1d7099f, ftLastWriteTime.dwLowDateTime=0xffd0e810, ftLastWriteTime.dwHighDateTime=0x1d7099f, nFileSizeHigh=0x0, nFileSizeLow=0xdd34)) returned 1 [0094.906] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mwsshgr5foi zdg0.csv")) returned 0x20 [0094.906] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv", dwFileAttributes=0x20) returned 1 [0094.906] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mwsshgr5foi zdg0.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0094.907] GetConsoleMode (in: hConsoleHandle=0x220, lpMode=0x129d5e88 | out: lpMode=0x129d5e88) returned 0 [0094.907] GetFileType (hFile=0x220) returned 0x1 [0094.907] GetFileType (hFile=0x220) returned 0x1 [0094.907] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.907] ReadFile (in: hFile=0x220, lpBuffer=0x12900970, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d5d14, lpOverlapped=0x0 | out: lpBuffer=0x12900970*, lpNumberOfBytesRead=0x129d5d14*=0x4, lpOverlapped=0x0) returned 1 [0094.907] SystemFunction036 (in: RandomBuffer=0x12931a68, RandomBufferLength=0x10 | out: RandomBuffer=0x12931a68) returned 1 [0094.907] SystemFunction036 (in: RandomBuffer=0x12931a78, RandomBufferLength=0x10 | out: RandomBuffer=0x12931a78) returned 1 [0094.907] VirtualAlloc (lpAddress=0x12af0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12af0000 [0094.908] GetFileType (hFile=0x220) returned 0x1 [0094.908] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0094.908] ReadFile (in: hFile=0x220, lpBuffer=0x12af0000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d5e80, lpOverlapped=0x0 | out: lpBuffer=0x12af0000*, lpNumberOfBytesRead=0x129d5e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.908] VirtualAlloc (lpAddress=0x12af4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12af4000 [0094.908] GetFileType (hFile=0x220) returned 0x1 [0094.908] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0094.908] WriteFile (in: hFile=0x220, lpBuffer=0x12af4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129d5e78, lpOverlapped=0x0 | out: lpBuffer=0x12af4000*, lpNumberOfBytesWritten=0x129d5e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.909] GetFileType (hFile=0x220) returned 0x1 [0094.909] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0094.909] SystemFunction036 (in: RandomBuffer=0x12ad8d01, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad8d01) returned 1 [0094.909] WriteFile (in: hFile=0x220, lpBuffer=0x129009cc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x129009cc*, lpNumberOfBytesWritten=0x129d5d88*=0x4, lpOverlapped=0x0) returned 1 [0094.909] WriteFile (in: hFile=0x220, lpBuffer=0x12ad8e00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x12ad8e00*, lpNumberOfBytesWritten=0x129d5d88*=0x100, lpOverlapped=0x0) returned 1 [0094.909] CloseHandle (hObject=0x220) returned 1 [0094.977] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mwsshgr5foi zdg0.csv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mwsshgr5foi zdg0.csv.crypted"), dwFlags=0x1) returned 1 [0096.459] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mWSShGr5fOi zdg0.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mwsshgr5foi zdg0.csv")) returned 0xffffffff [0096.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wgu4.pps"), fInfoLevelId=0x0, lpFileInformation=0x129d5c44 | out: lpFileInformation=0x129d5c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13b36560, ftCreationTime.dwHighDateTime=0x1d70685, ftLastAccessTime.dwLowDateTime=0x1fbfb360, ftLastAccessTime.dwHighDateTime=0x1d70764, ftLastWriteTime.dwLowDateTime=0x1fbfb360, ftLastWriteTime.dwHighDateTime=0x1d70764, nFileSizeHigh=0x0, nFileSizeLow=0x31e8)) returned 1 [0096.502] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wgu4.pps")) returned 0x20 [0096.502] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps", dwFileAttributes=0x20) returned 1 [0096.502] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wgu4.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.502] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x129d5e88 | out: lpMode=0x129d5e88) returned 0 [0096.502] GetFileType (hFile=0x228) returned 0x1 [0096.502] GetFileType (hFile=0x228) returned 0x1 [0096.502] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.502] ReadFile (in: hFile=0x228, lpBuffer=0x1298e538, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d5d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e538*, lpNumberOfBytesRead=0x129d5d14*=0x4, lpOverlapped=0x0) returned 1 [0096.503] SystemFunction036 (in: RandomBuffer=0x12be5658, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5658) returned 1 [0096.503] SystemFunction036 (in: RandomBuffer=0x12be5668, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5668) returned 1 [0096.503] GetFileType (hFile=0x228) returned 0x1 [0096.503] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.503] ReadFile (in: hFile=0x228, lpBuffer=0x129ca000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d5e80, lpOverlapped=0x0 | out: lpBuffer=0x129ca000*, lpNumberOfBytesRead=0x129d5e80*=0x31e8, lpOverlapped=0x0) returned 1 [0096.503] GetFileType (hFile=0x228) returned 0x1 [0096.503] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.503] WriteFile (in: hFile=0x228, lpBuffer=0x129d6000*, nNumberOfBytesToWrite=0x31f0, lpNumberOfBytesWritten=0x129d5e78, lpOverlapped=0x0 | out: lpBuffer=0x129d6000*, lpNumberOfBytesWritten=0x129d5e78*=0x31f0, lpOverlapped=0x0) returned 1 [0096.503] GetFileType (hFile=0x228) returned 0x1 [0096.503] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.504] SystemFunction036 (in: RandomBuffer=0x12cece01, RandomBufferLength=0x40 | out: RandomBuffer=0x12cece01) returned 1 [0096.504] WriteFile (in: hFile=0x228, lpBuffer=0x1298e594*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e594*, lpNumberOfBytesWritten=0x129d5d88*=0x4, lpOverlapped=0x0) returned 1 [0096.504] WriteFile (in: hFile=0x228, lpBuffer=0x12cecf00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x12cecf00*, lpNumberOfBytesWritten=0x129d5d88*=0x100, lpOverlapped=0x0) returned 1 [0096.504] CloseHandle (hObject=0x228) returned 1 [0096.505] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wgu4.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wgu4.pps.crypted"), dwFlags=0x1) returned 1 [0096.506] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wgu4.pps")) returned 0xffffffff [0096.506] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0096.547] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1289e090*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x12c5fa78, lpReserved=0x0 | out: lpBuffer=0x1289e090*, lpNumberOfCharsWritten=0x12c5fa78*=0xa) returned 1 [0096.563] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129978c0*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129978c0*, lpNumberOfCharsWritten=0x12831848*=0x2c) returned 1 [0096.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x3d0)) returned 1 [0096.578] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129979e0*, nNumberOfCharsToWrite=0x2e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129979e0*, lpNumberOfCharsWritten=0x12831848*=0x2e) returned 1 [0096.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0096.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.610] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x228 [0096.610] GetFileInformationByHandle (in: hFile=0x228, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0096.610] GetFileInformationByHandleEx (in: hFile=0x228, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0096.610] CloseHandle (hObject=0x228) returned 1 [0096.610] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128177c0*, nNumberOfCharsToWrite=0x27, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x128177c0*, lpNumberOfCharsWritten=0x128318b0*=0x27) returned 1 [0096.637] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0096.656] SetEvent (hEvent=0x200) returned 1 [0096.656] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music" (normalized: "c:\\users\\rdhj0cnfevzx\\music"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5222bee6, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5222bee6, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0096.656] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music" (normalized: "c:\\users\\rdhj0cnfevzx\\music"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.656] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5222bee6, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5222bee6, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5222bee6, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5222bee6, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d1c5510, ftCreationTime.dwHighDateTime=0x1d6fd7a, ftLastAccessTime.dwLowDateTime=0xf3899ec0, ftLastAccessTime.dwHighDateTime=0x1d6ffbe, ftLastWriteTime.dwLowDateTime=0xf3899ec0, ftLastWriteTime.dwHighDateTime=0x1d6ffbe, nFileSizeHigh=0x0, nFileSizeLow=0x169c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="7VAU_SZVOE6QLBs72.mp3", cAlternateFileName="7VAU_S~1.MP3")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fe89350, ftCreationTime.dwHighDateTime=0x1d6ff0d, ftLastAccessTime.dwLowDateTime=0xd046c560, ftLastAccessTime.dwHighDateTime=0x1d70058, ftLastWriteTime.dwLowDateTime=0xd046c560, ftLastWriteTime.dwHighDateTime=0x1d70058, nFileSizeHigh=0x0, nFileSizeLow=0x13b9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="bUeCDFkN.wav", cAlternateFileName="")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5e28f0, ftCreationTime.dwHighDateTime=0x1d7050b, ftLastAccessTime.dwLowDateTime=0xcd1323d0, ftLastAccessTime.dwHighDateTime=0x1d7070a, ftLastWriteTime.dwLowDateTime=0xcd1323d0, ftLastWriteTime.dwHighDateTime=0x1d7070a, nFileSizeHigh=0x0, nFileSizeLow=0x10e70, dwReserved0=0x0, dwReserved1=0x0, cFileName="hJz6V.mp3", cAlternateFileName="")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bd9f20, ftCreationTime.dwHighDateTime=0x1d7025b, ftLastAccessTime.dwLowDateTime=0x37b62460, ftLastAccessTime.dwHighDateTime=0x1d7041f, ftLastWriteTime.dwLowDateTime=0x37b62460, ftLastWriteTime.dwHighDateTime=0x1d7041f, nFileSizeHigh=0x0, nFileSizeLow=0x6b6d, dwReserved0=0x0, dwReserved1=0x0, cFileName="jk6FfJO_dz.mp3", cAlternateFileName="JK6FFJ~1.MP3")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5f7e9990, ftCreationTime.dwHighDateTime=0x1d6fa48, ftLastAccessTime.dwLowDateTime=0x5a990eb0, ftLastAccessTime.dwHighDateTime=0x1d7026d, ftLastWriteTime.dwLowDateTime=0x5a990eb0, ftLastWriteTime.dwHighDateTime=0x1d7026d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="l3Ukg9xPqGI", cAlternateFileName="L3UKG9~1")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd94fa800, ftCreationTime.dwHighDateTime=0x1d70514, ftLastAccessTime.dwLowDateTime=0xf21bf230, ftLastAccessTime.dwHighDateTime=0x1d70a78, ftLastWriteTime.dwLowDateTime=0xf21bf230, ftLastWriteTime.dwHighDateTime=0x1d70a78, nFileSizeHigh=0x0, nFileSizeLow=0xe8f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="LYJqOLnG68IjaOKql90Y.mp3", cAlternateFileName="LYJQOL~1.MP3")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37f84a40, ftCreationTime.dwHighDateTime=0x1d6fe3c, ftLastAccessTime.dwLowDateTime=0xb0a5d740, ftLastAccessTime.dwHighDateTime=0x1d7059a, ftLastWriteTime.dwLowDateTime=0xb0a5d740, ftLastWriteTime.dwHighDateTime=0x1d7059a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="R2RbR0boE5Lx2X", cAlternateFileName="R2RBR0~1")) returned 1 [0096.657] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.657] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0096.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.658] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.658] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.658] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0096.658] GetFileType (hFile=0x308) returned 0x1 [0096.658] WriteFile (in: hFile=0x308, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0096.659] CloseHandle (hObject=0x308) returned 1 [0096.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\7vau_szvoe6qlbs72.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d1c5510, ftCreationTime.dwHighDateTime=0x1d6fd7a, ftLastAccessTime.dwLowDateTime=0xf3899ec0, ftLastAccessTime.dwHighDateTime=0x1d6ffbe, ftLastWriteTime.dwLowDateTime=0xf3899ec0, ftLastWriteTime.dwHighDateTime=0x1d6ffbe, nFileSizeHigh=0x0, nFileSizeLow=0x169c8)) returned 1 [0096.659] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a7420*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a7420*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0096.672] SetEvent (hEvent=0x200) returned 1 [0096.672] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LYJqOLnG68IjaOKql90Y.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lyjqolng68ijaokql90y.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd94fa800, ftCreationTime.dwHighDateTime=0x1d70514, ftLastAccessTime.dwLowDateTime=0xf21bf230, ftLastAccessTime.dwHighDateTime=0x1d70a78, ftLastWriteTime.dwLowDateTime=0xf21bf230, ftLastWriteTime.dwHighDateTime=0x1d70a78, nFileSizeHigh=0x0, nFileSizeLow=0xe8f5)) returned 1 [0096.672] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12800e00*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12800e00*, lpNumberOfCharsWritten=0x12831848*=0x3b) returned 1 [0096.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37f84a40, ftCreationTime.dwHighDateTime=0x1d6fe3c, ftLastAccessTime.dwLowDateTime=0xb0a5d740, ftLastAccessTime.dwHighDateTime=0x1d7059a, ftLastWriteTime.dwLowDateTime=0xb0a5d740, ftLastWriteTime.dwHighDateTime=0x1d7059a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0096.757] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.757] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37f84a40, ftCreationTime.dwHighDateTime=0x1d6fe3c, ftLastAccessTime.dwLowDateTime=0xb0a5d740, ftLastAccessTime.dwHighDateTime=0x1d7059a, ftLastWriteTime.dwLowDateTime=0xb0a5d740, ftLastWriteTime.dwHighDateTime=0x1d7059a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0096.757] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37f84a40, ftCreationTime.dwHighDateTime=0x1d6fe3c, ftLastAccessTime.dwLowDateTime=0xb0a5d740, ftLastAccessTime.dwHighDateTime=0x1d7059a, ftLastWriteTime.dwLowDateTime=0xb0a5d740, ftLastWriteTime.dwHighDateTime=0x1d7059a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.757] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd241700, ftCreationTime.dwHighDateTime=0x1d70205, ftLastAccessTime.dwLowDateTime=0xbf150930, ftLastAccessTime.dwHighDateTime=0x1d708a2, ftLastWriteTime.dwLowDateTime=0xbf150930, ftLastWriteTime.dwHighDateTime=0x1d708a2, nFileSizeHigh=0x0, nFileSizeLow=0x101bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="4Tbto3wSrq.wav", cAlternateFileName="4TBTO3~1.WAV")) returned 1 [0096.757] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ca1a6a0, ftCreationTime.dwHighDateTime=0x1d70963, ftLastAccessTime.dwLowDateTime=0x4ab5fa00, ftLastAccessTime.dwHighDateTime=0x1d709f0, ftLastWriteTime.dwLowDateTime=0x4ab5fa00, ftLastWriteTime.dwHighDateTime=0x1d709f0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Wh9AxLTsfU1o4fqG", cAlternateFileName="7WH9AX~1")) returned 1 [0096.757] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x834a4940, ftCreationTime.dwHighDateTime=0x1d70336, ftLastAccessTime.dwLowDateTime=0xa7c5f610, ftLastAccessTime.dwHighDateTime=0x1d70855, ftLastWriteTime.dwLowDateTime=0xa7c5f610, ftLastWriteTime.dwHighDateTime=0x1d70855, nFileSizeHigh=0x0, nFileSizeLow=0x17d5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mboAfofw_jCV.mp3", cAlternateFileName="MBOAFO~1.MP3")) returned 1 [0096.758] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdb54f0, ftCreationTime.dwHighDateTime=0x1d6fd4d, ftLastAccessTime.dwLowDateTime=0xcf2f2570, ftLastAccessTime.dwHighDateTime=0x1d6ff48, ftLastWriteTime.dwLowDateTime=0xcf2f2570, ftLastWriteTime.dwHighDateTime=0x1d6ff48, nFileSizeHigh=0x0, nFileSizeLow=0x11159, dwReserved0=0x0, dwReserved1=0x0, cFileName="rFMIbNTh6SVXWCF.wav", cAlternateFileName="RFMIBN~1.WAV")) returned 1 [0096.758] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb074490, ftCreationTime.dwHighDateTime=0x1d6fe9b, ftLastAccessTime.dwLowDateTime=0x98515880, ftLastAccessTime.dwHighDateTime=0x1d702d0, ftLastWriteTime.dwLowDateTime=0x98515880, ftLastWriteTime.dwHighDateTime=0x1d702d0, nFileSizeHigh=0x0, nFileSizeLow=0x147d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="uUrZ0.m4a", cAlternateFileName="")) returned 1 [0096.758] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.758] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0096.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.758] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.758] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0096.758] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0096.758] GetFileType (hFile=0x1c0) returned 0x1 [0096.758] WriteFile (in: hFile=0x1c0, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0096.759] CloseHandle (hObject=0x1c0) returned 1 [0096.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\4Tbto3wSrq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\4tbto3wsrq.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd241700, ftCreationTime.dwHighDateTime=0x1d70205, ftLastAccessTime.dwLowDateTime=0xbf150930, ftLastAccessTime.dwHighDateTime=0x1d708a2, ftLastWriteTime.dwLowDateTime=0xbf150930, ftLastWriteTime.dwHighDateTime=0x1d708a2, nFileSizeHigh=0x0, nFileSizeLow=0x101bd)) returned 1 [0096.759] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970780*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12970780*, lpNumberOfCharsWritten=0x128317e0*=0x40) returned 1 [0096.779] SetEvent (hEvent=0x218) returned 1 [0096.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ca1a6a0, ftCreationTime.dwHighDateTime=0x1d70963, ftLastAccessTime.dwLowDateTime=0x4ab5fa00, ftLastAccessTime.dwHighDateTime=0x1d709f0, ftLastWriteTime.dwLowDateTime=0x4ab5fa00, ftLastWriteTime.dwHighDateTime=0x1d709f0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0096.779] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.779] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ca1a6a0, ftCreationTime.dwHighDateTime=0x1d70963, ftLastAccessTime.dwLowDateTime=0x4ab5fa00, ftLastAccessTime.dwHighDateTime=0x1d709f0, ftLastWriteTime.dwLowDateTime=0x4ab5fa00, ftLastWriteTime.dwHighDateTime=0x1d709f0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0096.779] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7ca1a6a0, ftCreationTime.dwHighDateTime=0x1d70963, ftLastAccessTime.dwLowDateTime=0x4ab5fa00, ftLastAccessTime.dwHighDateTime=0x1d709f0, ftLastWriteTime.dwLowDateTime=0x4ab5fa00, ftLastWriteTime.dwHighDateTime=0x1d709f0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.779] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x595ca330, ftCreationTime.dwHighDateTime=0x1d70061, ftLastAccessTime.dwLowDateTime=0x40c3300, ftLastAccessTime.dwHighDateTime=0x1d700e8, ftLastWriteTime.dwLowDateTime=0x40c3300, ftLastWriteTime.dwHighDateTime=0x1d700e8, nFileSizeHigh=0x0, nFileSizeLow=0x15ee9, dwReserved0=0x0, dwReserved1=0x0, cFileName="6LV1sbKK-D3XJvtWm.wav", cAlternateFileName="6LV1SB~1.WAV")) returned 1 [0096.779] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bbb0f60, ftCreationTime.dwHighDateTime=0x1d6faec, ftLastAccessTime.dwLowDateTime=0x1b46b370, ftLastAccessTime.dwHighDateTime=0x1d6ff16, ftLastWriteTime.dwLowDateTime=0x1b46b370, ftLastWriteTime.dwHighDateTime=0x1d6ff16, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LCvg4MHIIDFXE5UG", cAlternateFileName="LCVG4M~1")) returned 1 [0096.779] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba8a5660, ftCreationTime.dwHighDateTime=0x1d6fe2d, ftLastAccessTime.dwLowDateTime=0x716ceab0, ftLastAccessTime.dwHighDateTime=0x1d6ffc2, ftLastWriteTime.dwLowDateTime=0x716ceab0, ftLastWriteTime.dwHighDateTime=0x1d6ffc2, nFileSizeHigh=0x0, nFileSizeLow=0x10b54, dwReserved0=0x0, dwReserved1=0x0, cFileName="nIVzqLF49.wav", cAlternateFileName="NIVZQL~1.WAV")) returned 1 [0096.779] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875d7500, ftCreationTime.dwHighDateTime=0x1d7086f, ftLastAccessTime.dwLowDateTime=0xab010460, ftLastAccessTime.dwHighDateTime=0x1d70877, ftLastWriteTime.dwLowDateTime=0xab010460, ftLastWriteTime.dwHighDateTime=0x1d70877, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yCJwtHQtWZDZ3t2yyS", cAlternateFileName="YCJWTH~1")) returned 1 [0096.779] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.782] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0096.782] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.782] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.782] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0096.783] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0096.783] GetFileType (hFile=0x1c0) returned 0x1 [0096.783] WriteFile (in: hFile=0x1c0, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0096.784] CloseHandle (hObject=0x1c0) returned 1 [0096.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\6LV1sbKK-D3XJvtWm.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\6lv1sbkk-d3xjvtwm.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x595ca330, ftCreationTime.dwHighDateTime=0x1d70061, ftLastAccessTime.dwLowDateTime=0x40c3300, ftLastAccessTime.dwHighDateTime=0x1d700e8, ftLastWriteTime.dwLowDateTime=0x40c3300, ftLastWriteTime.dwHighDateTime=0x1d700e8, nFileSizeHigh=0x0, nFileSizeLow=0x15ee9)) returned 1 [0096.784] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d29c0*, nNumberOfCharsToWrite=0x59, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d29c0*, lpNumberOfCharsWritten=0x12831778*=0x59) returned 1 [0096.802] SetEvent (hEvent=0x218) returned 1 [0096.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bbb0f60, ftCreationTime.dwHighDateTime=0x1d6faec, ftLastAccessTime.dwLowDateTime=0x1b46b370, ftLastAccessTime.dwHighDateTime=0x1d6ff16, ftLastWriteTime.dwLowDateTime=0x1b46b370, ftLastWriteTime.dwHighDateTime=0x1d6ff16, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0096.802] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.802] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\*", lpFindFileData=0x12831930 | out: lpFindFileData=0x12831930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bbb0f60, ftCreationTime.dwHighDateTime=0x1d6faec, ftLastAccessTime.dwLowDateTime=0x1b46b370, ftLastAccessTime.dwHighDateTime=0x1d6ff16, ftLastWriteTime.dwLowDateTime=0x1b46b370, ftLastWriteTime.dwHighDateTime=0x1d6ff16, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bbb0f60, ftCreationTime.dwHighDateTime=0x1d6faec, ftLastAccessTime.dwLowDateTime=0x1b46b370, ftLastAccessTime.dwHighDateTime=0x1d6ff16, ftLastWriteTime.dwLowDateTime=0x1b46b370, ftLastWriteTime.dwHighDateTime=0x1d6ff16, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8eec970, ftCreationTime.dwHighDateTime=0x1d6fbf7, ftLastAccessTime.dwLowDateTime=0x4ed57740, ftLastAccessTime.dwHighDateTime=0x1d6fe11, ftLastWriteTime.dwLowDateTime=0x4ed57740, ftLastWriteTime.dwHighDateTime=0x1d6fe11, nFileSizeHigh=0x0, nFileSizeLow=0x14859, dwReserved0=0x0, dwReserved1=0x0, cFileName="3DHMCVhrKOMLCJNnzVMN.m4a", cAlternateFileName="3DHMCV~1.M4A")) returned 1 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7967def0, ftCreationTime.dwHighDateTime=0x1d6ffcc, ftLastAccessTime.dwLowDateTime=0x86783670, ftLastAccessTime.dwHighDateTime=0x1d70a22, ftLastWriteTime.dwLowDateTime=0x86783670, ftLastWriteTime.dwHighDateTime=0x1d70a22, nFileSizeHigh=0x0, nFileSizeLow=0x13836, dwReserved0=0x0, dwReserved1=0x0, cFileName="dH60-76fNbZrdz2.m4a", cAlternateFileName="DH60-7~1.M4A")) returned 1 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20c8fbf0, ftCreationTime.dwHighDateTime=0x1d6fd72, ftLastAccessTime.dwLowDateTime=0xd8472cc0, ftLastAccessTime.dwHighDateTime=0x1d6fd81, ftLastWriteTime.dwLowDateTime=0xd8472cc0, ftLastWriteTime.dwHighDateTime=0x1d6fd81, nFileSizeHigh=0x0, nFileSizeLow=0xb155, dwReserved0=0x0, dwReserved1=0x0, cFileName="IwNwHTkANyQgUz1S.m4a", cAlternateFileName="IWNWHT~1.M4A")) returned 1 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15ffa330, ftCreationTime.dwHighDateTime=0x1d707e1, ftLastAccessTime.dwLowDateTime=0x9f4855a0, ftLastAccessTime.dwHighDateTime=0x1d709fe, ftLastWriteTime.dwLowDateTime=0x9f4855a0, ftLastWriteTime.dwHighDateTime=0x1d709fe, nFileSizeHigh=0x0, nFileSizeLow=0x2eae, dwReserved0=0x0, dwReserved1=0x0, cFileName="kZWl531.mp3", cAlternateFileName="")) returned 1 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x180f5d70, ftCreationTime.dwHighDateTime=0x1d7009b, ftLastAccessTime.dwLowDateTime=0x5ec28280, ftLastAccessTime.dwHighDateTime=0x1d7010c, ftLastWriteTime.dwLowDateTime=0x5ec28280, ftLastWriteTime.dwHighDateTime=0x1d7010c, nFileSizeHigh=0x0, nFileSizeLow=0x15b16, dwReserved0=0x0, dwReserved1=0x0, cFileName="PZ3cyOZFQ.wav", cAlternateFileName="PZ3CYO~1.WAV")) returned 1 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5139d610, ftCreationTime.dwHighDateTime=0x1d6fdae, ftLastAccessTime.dwLowDateTime=0x9bc2e330, ftLastAccessTime.dwHighDateTime=0x1d7047e, ftLastWriteTime.dwLowDateTime=0x9bc2e330, ftLastWriteTime.dwHighDateTime=0x1d7047e, nFileSizeHigh=0x0, nFileSizeLow=0x11620, dwReserved0=0x0, dwReserved1=0x0, cFileName="VEuQO6swH.mp3", cAlternateFileName="VEUQO6~1.MP3")) returned 1 [0096.802] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.802] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0096.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x128319b4 | out: lpFileInformation=0x128319b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.803] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.803] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0096.803] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0x12831bcc | out: lpMode=0x12831bcc) returned 0 [0096.803] GetFileType (hFile=0x23c) returned 0x1 [0096.803] WriteFile (in: hFile=0x23c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831bbc, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831bbc*=0x2b8, lpOverlapped=0x0) returned 1 [0096.804] CloseHandle (hObject=0x23c) returned 1 [0096.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\3dhmcvhrkomlcjnnzvmn.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8eec970, ftCreationTime.dwHighDateTime=0x1d6fbf7, ftLastAccessTime.dwLowDateTime=0x4ed57740, ftLastAccessTime.dwHighDateTime=0x1d6fe11, ftLastWriteTime.dwLowDateTime=0x4ed57740, ftLastWriteTime.dwHighDateTime=0x1d6fe11, nFileSizeHigh=0x0, nFileSizeLow=0x14859)) returned 1 [0096.804] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12df6380*, nNumberOfCharsToWrite=0x6d, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12df6380*, lpNumberOfCharsWritten=0x12831710*=0x6d) returned 1 [0096.823] SetEvent (hEvent=0x218) returned 1 [0096.823] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\iwnwhtkanyqguz1s.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20c8fbf0, ftCreationTime.dwHighDateTime=0x1d6fd72, ftLastAccessTime.dwLowDateTime=0xd8472cc0, ftLastAccessTime.dwHighDateTime=0x1d6fd81, ftLastWriteTime.dwLowDateTime=0xd8472cc0, ftLastWriteTime.dwHighDateTime=0x1d6fd81, nFileSizeHigh=0x0, nFileSizeLow=0xb155)) returned 1 [0096.823] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12df6460*, nNumberOfCharsToWrite=0x69, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12df6460*, lpNumberOfCharsWritten=0x12831710*=0x69) returned 1 [0096.842] SetEvent (hEvent=0x218) returned 1 [0096.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\PZ3cyOZFQ.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\pz3cyozfq.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x180f5d70, ftCreationTime.dwHighDateTime=0x1d7009b, ftLastAccessTime.dwLowDateTime=0x5ec28280, ftLastAccessTime.dwHighDateTime=0x1d7010c, ftLastWriteTime.dwLowDateTime=0x5ec28280, ftLastWriteTime.dwHighDateTime=0x1d7010c, nFileSizeHigh=0x0, nFileSizeLow=0x15b16)) returned 1 [0096.842] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d9da00*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12d9da00*, lpNumberOfCharsWritten=0x12831710*=0x62) returned 1 [0096.863] SetEvent (hEvent=0x218) returned 1 [0096.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\VEuQO6swH.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\veuqo6swh.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5139d610, ftCreationTime.dwHighDateTime=0x1d6fdae, ftLastAccessTime.dwLowDateTime=0x9bc2e330, ftLastAccessTime.dwHighDateTime=0x1d7047e, ftLastWriteTime.dwLowDateTime=0x9bc2e330, ftLastWriteTime.dwHighDateTime=0x1d7047e, nFileSizeHigh=0x0, nFileSizeLow=0x11620)) returned 1 [0096.863] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d9dad0*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12d9dad0*, lpNumberOfCharsWritten=0x12831710*=0x62) returned 1 [0096.885] SetEvent (hEvent=0x218) returned 1 [0096.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\dh60-76fnbzrdz2.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7967def0, ftCreationTime.dwHighDateTime=0x1d6ffcc, ftLastAccessTime.dwLowDateTime=0x86783670, ftLastAccessTime.dwHighDateTime=0x1d70a22, ftLastWriteTime.dwLowDateTime=0x86783670, ftLastWriteTime.dwHighDateTime=0x1d70a22, nFileSizeHigh=0x0, nFileSizeLow=0x13836)) returned 1 [0096.885] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d9dc70*, nNumberOfCharsToWrite=0x68, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12d9dc70*, lpNumberOfCharsWritten=0x12831710*=0x68) returned 1 [0096.912] SetEvent (hEvent=0x218) returned 1 [0096.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\kZWl531.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\kzwl531.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15ffa330, ftCreationTime.dwHighDateTime=0x1d707e1, ftLastAccessTime.dwLowDateTime=0x9f4855a0, ftLastAccessTime.dwHighDateTime=0x1d709fe, ftLastWriteTime.dwLowDateTime=0x9f4855a0, ftLastWriteTime.dwHighDateTime=0x1d709fe, nFileSizeHigh=0x0, nFileSizeLow=0x2eae)) returned 1 [0096.912] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a16180*, nNumberOfCharsToWrite=0x60, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12a16180*, lpNumberOfCharsWritten=0x12831710*=0x60) returned 1 [0096.961] SetEvent (hEvent=0x218) returned 1 [0096.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\nivzqlf49.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba8a5660, ftCreationTime.dwHighDateTime=0x1d6fe2d, ftLastAccessTime.dwLowDateTime=0x716ceab0, ftLastAccessTime.dwHighDateTime=0x1d6ffc2, ftLastWriteTime.dwLowDateTime=0x716ceab0, ftLastWriteTime.dwHighDateTime=0x1d6ffc2, nFileSizeHigh=0x0, nFileSizeLow=0x10b54)) returned 1 [0096.961] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291c580*, nNumberOfCharsToWrite=0x51, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x1291c580*, lpNumberOfCharsWritten=0x12831778*=0x51) returned 1 [0096.979] SetEvent (hEvent=0x218) returned 1 [0096.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875d7500, ftCreationTime.dwHighDateTime=0x1d7086f, ftLastAccessTime.dwLowDateTime=0xab010460, ftLastAccessTime.dwHighDateTime=0x1d70877, ftLastWriteTime.dwLowDateTime=0xab010460, ftLastWriteTime.dwHighDateTime=0x1d70877, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0096.979] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.980] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\*", lpFindFileData=0x12831930 | out: lpFindFileData=0x12831930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875d7500, ftCreationTime.dwHighDateTime=0x1d7086f, ftLastAccessTime.dwLowDateTime=0xab010460, ftLastAccessTime.dwHighDateTime=0x1d70877, ftLastWriteTime.dwLowDateTime=0xab010460, ftLastWriteTime.dwHighDateTime=0x1d70877, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0096.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875d7500, ftCreationTime.dwHighDateTime=0x1d7086f, ftLastAccessTime.dwLowDateTime=0xab010460, ftLastAccessTime.dwHighDateTime=0x1d70877, ftLastWriteTime.dwLowDateTime=0xab010460, ftLastWriteTime.dwHighDateTime=0x1d70877, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67974a50, ftCreationTime.dwHighDateTime=0x1d6fb97, ftLastAccessTime.dwLowDateTime=0x8c671280, ftLastAccessTime.dwHighDateTime=0x1d70875, ftLastWriteTime.dwLowDateTime=0x8c671280, ftLastWriteTime.dwHighDateTime=0x1d70875, nFileSizeHigh=0x0, nFileSizeLow=0x12fa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="lk6mWym4EJDZhiVbitZc.wav", cAlternateFileName="LK6MWY~1.WAV")) returned 1 [0096.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e4ffac0, ftCreationTime.dwHighDateTime=0x1d707d4, ftLastAccessTime.dwLowDateTime=0xd4b82860, ftLastAccessTime.dwHighDateTime=0x1d7089f, ftLastWriteTime.dwLowDateTime=0xd4b82860, ftLastWriteTime.dwHighDateTime=0x1d7089f, nFileSizeHigh=0x0, nFileSizeLow=0x7808, dwReserved0=0x0, dwReserved1=0x0, cFileName="pG2YkrB6YC7l.wav", cAlternateFileName="PG2YKR~1.WAV")) returned 1 [0096.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eda79c0, ftCreationTime.dwHighDateTime=0x1d702c6, ftLastAccessTime.dwLowDateTime=0x777c46e0, ftLastAccessTime.dwHighDateTime=0x1d702d2, ftLastWriteTime.dwLowDateTime=0x777c46e0, ftLastWriteTime.dwHighDateTime=0x1d702d2, nFileSizeHigh=0x0, nFileSizeLow=0x11e0d, dwReserved0=0x0, dwReserved1=0x0, cFileName="sykSo4.wav", cAlternateFileName="")) returned 1 [0096.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x173ce740, ftCreationTime.dwHighDateTime=0x1d6fc32, ftLastAccessTime.dwLowDateTime=0x834dcf70, ftLastAccessTime.dwHighDateTime=0x1d70138, ftLastWriteTime.dwLowDateTime=0x834dcf70, ftLastWriteTime.dwHighDateTime=0x1d70138, nFileSizeHigh=0x0, nFileSizeLow=0x88d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xjg2XcAOL2hUX.mp3", cAlternateFileName="XJG2XC~1.MP3")) returned 1 [0096.980] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.980] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0096.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x128319b4 | out: lpFileInformation=0x128319b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.980] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.980] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0096.981] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0x12831bcc | out: lpMode=0x12831bcc) returned 0 [0096.981] GetFileType (hFile=0x2f4) returned 0x1 [0096.981] WriteFile (in: hFile=0x2f4, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831bbc, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831bbc*=0x2b8, lpOverlapped=0x0) returned 1 [0096.981] CloseHandle (hObject=0x2f4) returned 1 [0096.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\xjg2xcaol2hux.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x173ce740, ftCreationTime.dwHighDateTime=0x1d6fc32, ftLastAccessTime.dwLowDateTime=0x834dcf70, ftLastAccessTime.dwHighDateTime=0x1d70138, ftLastWriteTime.dwLowDateTime=0x834dcf70, ftLastWriteTime.dwHighDateTime=0x1d70138, nFileSizeHigh=0x0, nFileSizeLow=0x88d4)) returned 1 [0096.982] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c71a00*, nNumberOfCharsToWrite=0x68, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12c71a00*, lpNumberOfCharsWritten=0x12831710*=0x68) returned 1 [0096.999] SetEvent (hEvent=0x218) returned 1 [0096.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\lk6mwym4ejdzhivbitzc.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67974a50, ftCreationTime.dwHighDateTime=0x1d6fb97, ftLastAccessTime.dwLowDateTime=0x8c671280, ftLastAccessTime.dwHighDateTime=0x1d70875, ftLastWriteTime.dwLowDateTime=0x8c671280, ftLastWriteTime.dwHighDateTime=0x1d70875, nFileSizeHigh=0x0, nFileSizeLow=0x12fa6)) returned 1 [0096.999] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12cba380*, nNumberOfCharsToWrite=0x6f, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12cba380*, lpNumberOfCharsWritten=0x12831710*=0x6f) returned 1 [0097.020] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\pg2ykrb6yc7l.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e4ffac0, ftCreationTime.dwHighDateTime=0x1d707d4, ftLastAccessTime.dwLowDateTime=0xd4b82860, ftLastAccessTime.dwHighDateTime=0x1d7089f, ftLastWriteTime.dwLowDateTime=0xd4b82860, ftLastWriteTime.dwHighDateTime=0x1d7089f, nFileSizeHigh=0x0, nFileSizeLow=0x7808)) returned 1 [0097.020] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12998a90*, nNumberOfCharsToWrite=0x67, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12998a90*, lpNumberOfCharsWritten=0x12831710*=0x67) returned 1 [0097.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\sykso4.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eda79c0, ftCreationTime.dwHighDateTime=0x1d702c6, ftLastAccessTime.dwLowDateTime=0x777c46e0, ftLastAccessTime.dwHighDateTime=0x1d702d2, ftLastWriteTime.dwLowDateTime=0x777c46e0, ftLastWriteTime.dwHighDateTime=0x1d702d2, nFileSizeHigh=0x0, nFileSizeLow=0x11e0d)) returned 1 [0097.047] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12998b60*, nNumberOfCharsToWrite=0x61, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x12998b60*, lpNumberOfCharsWritten=0x12831710*=0x61) returned 1 [0097.064] SetEvent (hEvent=0x218) returned 1 [0097.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\mboafofw_jcv.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x834a4940, ftCreationTime.dwHighDateTime=0x1d70336, ftLastAccessTime.dwLowDateTime=0xa7c5f610, ftLastAccessTime.dwHighDateTime=0x1d70855, ftLastWriteTime.dwLowDateTime=0xa7c5f610, ftLastWriteTime.dwHighDateTime=0x1d70855, nFileSizeHigh=0x0, nFileSizeLow=0x17d5f)) returned 1 [0097.065] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292e3f0*, nNumberOfCharsToWrite=0x42, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1292e3f0*, lpNumberOfCharsWritten=0x128317e0*=0x42) returned 1 [0097.090] SetEvent (hEvent=0x218) returned 1 [0097.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\rfmibnth6svxwcf.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdb54f0, ftCreationTime.dwHighDateTime=0x1d6fd4d, ftLastAccessTime.dwLowDateTime=0xcf2f2570, ftLastAccessTime.dwHighDateTime=0x1d6ff48, ftLastWriteTime.dwLowDateTime=0xcf2f2570, ftLastWriteTime.dwHighDateTime=0x1d6ff48, nFileSizeHigh=0x0, nFileSizeLow=0x11159)) returned 1 [0097.091] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292e480*, nNumberOfCharsToWrite=0x45, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1292e480*, lpNumberOfCharsWritten=0x128317e0*=0x45) returned 1 [0097.102] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) returned 0x0 [0097.123] SetEvent (hEvent=0x218) returned 1 [0097.123] WaitForSingleObject (hHandle=0x19c, dwMilliseconds=0xffffffff) Thread: id = 18 os_tid = 0x11d4 [0093.977] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x333aff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x333aff28*=0x1bc) returned 1 [0093.977] VirtualQuery (in: lpAddress=0x333aff38, lpBuffer=0x333aff38, dwLength=0x1c | out: lpBuffer=0x333aff38*(BaseAddress=0x333af000, AllocationBase=0x332b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.977] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mlfjsoanmgkl6.png"), fInfoLevelId=0x0, lpFileInformation=0x129cfc44 | out: lpFileInformation=0x129cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eaf4f00, ftCreationTime.dwHighDateTime=0x1d7055a, ftLastAccessTime.dwLowDateTime=0xc51c7070, ftLastAccessTime.dwHighDateTime=0x1d705af, ftLastWriteTime.dwLowDateTime=0xc51c7070, ftLastWriteTime.dwHighDateTime=0x1d705af, nFileSizeHigh=0x0, nFileSizeLow=0xcc40)) returned 1 [0093.977] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mlfjsoanmgkl6.png")) returned 0x20 [0093.978] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png", dwFileAttributes=0x20) returned 1 [0093.978] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mlfjsoanmgkl6.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0093.978] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0x129cfe88 | out: lpMode=0x129cfe88) returned 0 [0093.978] GetFileType (hFile=0x1c0) returned 0x1 [0093.978] GetFileType (hFile=0x1c0) returned 0x1 [0093.978] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.978] ReadFile (in: hFile=0x1c0, lpBuffer=0x1288b284, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129cfd14, lpOverlapped=0x0 | out: lpBuffer=0x1288b284*, lpNumberOfBytesRead=0x129cfd14*=0x4, lpOverlapped=0x0) returned 1 [0093.978] SystemFunction036 (in: RandomBuffer=0x128ccb18, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccb18) returned 1 [0093.978] SystemFunction036 (in: RandomBuffer=0x128ccb28, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccb28) returned 1 [0093.978] VirtualAlloc (lpAddress=0x128fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x128fa000 [0093.979] GetFileType (hFile=0x1c0) returned 0x1 [0093.979] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0093.979] ReadFile (in: hFile=0x1c0, lpBuffer=0x128fa000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129cfe80, lpOverlapped=0x0 | out: lpBuffer=0x128fa000*, lpNumberOfBytesRead=0x129cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0093.979] VirtualAlloc (lpAddress=0x12a92000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a92000 [0093.980] GetFileType (hFile=0x1c0) returned 0x1 [0093.980] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0093.980] WriteFile (in: hFile=0x1c0, lpBuffer=0x12a92000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129cfe78, lpOverlapped=0x0 | out: lpBuffer=0x12a92000*, lpNumberOfBytesWritten=0x129cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0093.980] GetFileType (hFile=0x1c0) returned 0x1 [0093.980] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0093.980] SystemFunction036 (in: RandomBuffer=0x128de901, RandomBufferLength=0x40 | out: RandomBuffer=0x128de901) returned 1 [0093.980] VirtualAlloc (lpAddress=0x128fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x128fe000 [0093.981] WriteFile (in: hFile=0x1c0, lpBuffer=0x1288b2e0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b2e0*, lpNumberOfBytesWritten=0x129cfd88*=0x4, lpOverlapped=0x0) returned 1 [0093.981] WriteFile (in: hFile=0x1c0, lpBuffer=0x128dea00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128dea00*, lpNumberOfBytesWritten=0x129cfd88*=0x100, lpOverlapped=0x0) returned 1 [0093.981] CloseHandle (hObject=0x1c0) returned 1 [0094.002] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d0 [0094.002] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d4 [0094.002] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0094.029] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mlfjsoanmgkl6.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mlfjsoanmgkl6.png.crypted"), dwFlags=0x1) returned 1 [0094.754] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\MLFJsoANMGkL6.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\mlfjsoanmgkl6.png")) returned 0xffffffff [0094.757] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0094.794] SetEvent (hEvent=0x118) returned 1 [0094.794] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0094.815] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0094.829] SetEvent (hEvent=0x118) returned 1 [0094.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\aqirwu.png"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f54eca0, ftCreationTime.dwHighDateTime=0x1d6ffd5, ftLastAccessTime.dwLowDateTime=0x5f3648f0, ftLastAccessTime.dwHighDateTime=0x1d7017a, ftLastWriteTime.dwLowDateTime=0x5f3648f0, ftLastWriteTime.dwHighDateTime=0x1d7017a, nFileSizeHigh=0x0, nFileSizeLow=0x4b0a)) returned 1 [0094.829] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\aqirwu.png")) returned 0x20 [0094.830] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png", dwFileAttributes=0x20) returned 1 [0094.830] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\aqirwu.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0094.830] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0094.830] GetFileType (hFile=0x204) returned 0x1 [0094.830] GetFileType (hFile=0x204) returned 0x1 [0094.830] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.830] ReadFile (in: hFile=0x204, lpBuffer=0x1290090c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1290090c*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0094.830] SystemFunction036 (in: RandomBuffer=0x12931928, RandomBufferLength=0x10 | out: RandomBuffer=0x12931928) returned 1 [0094.830] SystemFunction036 (in: RandomBuffer=0x12931938, RandomBufferLength=0x10 | out: RandomBuffer=0x12931938) returned 1 [0094.830] VirtualAlloc (lpAddress=0x12ae8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ae8000 [0094.831] GetFileType (hFile=0x204) returned 0x1 [0094.831] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0094.831] ReadFile (in: hFile=0x204, lpBuffer=0x12ae8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12ae8000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.831] VirtualAlloc (lpAddress=0x12aec000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12aec000 [0094.831] GetFileType (hFile=0x204) returned 0x1 [0094.832] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0094.832] WriteFile (in: hFile=0x204, lpBuffer=0x12aec000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12aec000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.832] GetFileType (hFile=0x204) returned 0x1 [0094.832] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0094.832] SystemFunction036 (in: RandomBuffer=0x12ad8a01, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad8a01) returned 1 [0094.832] WriteFile (in: hFile=0x204, lpBuffer=0x12900968*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12900968*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0094.832] WriteFile (in: hFile=0x204, lpBuffer=0x12ad8b00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12ad8b00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0094.833] CloseHandle (hObject=0x204) returned 1 [0095.123] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0095.188] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\aqirwu.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\aqirwu.png.crypted"), dwFlags=0x1) returned 1 [0097.127] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0097.134] SetEvent (hEvent=0x1e4) returned 1 [0097.134] SetEvent (hEvent=0x218) returned 1 [0097.135] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wzjn2zo_p-yhtke3g4.gif")) returned 0xffffffff [0097.135] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\EI7WNGL9jviw5Iu.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\ei7wngl9jviw5iu.pps")) returned 0xffffffff [0097.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\uurz0.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb074490, ftCreationTime.dwHighDateTime=0x1d6fe9b, ftLastAccessTime.dwLowDateTime=0x98515880, ftLastAccessTime.dwHighDateTime=0x1d702d0, ftLastWriteTime.dwLowDateTime=0x98515880, ftLastWriteTime.dwHighDateTime=0x1d702d0, nFileSizeHigh=0x0, nFileSizeLow=0x147d3)) returned 1 [0097.135] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970300*, nNumberOfCharsToWrite=0x3b, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12970300*, lpNumberOfCharsWritten=0x128317e0*=0x3b) returned 1 [0097.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\buecdfkn.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fe89350, ftCreationTime.dwHighDateTime=0x1d6ff0d, ftLastAccessTime.dwLowDateTime=0xd046c560, ftLastAccessTime.dwHighDateTime=0x1d70058, ftLastWriteTime.dwLowDateTime=0xd046c560, ftLastWriteTime.dwHighDateTime=0x1d70058, nFileSizeHigh=0x0, nFileSizeLow=0x13b9e)) returned 1 [0097.154] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12868060*, nNumberOfCharsToWrite=0x2f, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12868060*, lpNumberOfCharsWritten=0x12831848*=0x2f) returned 1 [0097.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0097.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\hjz6v.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5e28f0, ftCreationTime.dwHighDateTime=0x1d7050b, ftLastAccessTime.dwLowDateTime=0xcd1323d0, ftLastAccessTime.dwHighDateTime=0x1d7070a, ftLastWriteTime.dwLowDateTime=0xcd1323d0, ftLastWriteTime.dwHighDateTime=0x1d7070a, nFileSizeHigh=0x0, nFileSizeLow=0x10e70)) returned 1 [0097.177] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128680c0*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128680c0*, lpNumberOfCharsWritten=0x12831848*=0x2c) returned 1 [0097.197] SetEvent (hEvent=0x2cc) returned 1 [0097.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jk6ffjo_dz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bd9f20, ftCreationTime.dwHighDateTime=0x1d7025b, ftLastAccessTime.dwLowDateTime=0x37b62460, ftLastAccessTime.dwHighDateTime=0x1d7041f, ftLastWriteTime.dwLowDateTime=0x37b62460, ftLastWriteTime.dwHighDateTime=0x1d7041f, nFileSizeHigh=0x0, nFileSizeLow=0x6b6d)) returned 1 [0097.197] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128141c0*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128141c0*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0097.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5f7e9990, ftCreationTime.dwHighDateTime=0x1d6fa48, ftLastAccessTime.dwLowDateTime=0x5a990eb0, ftLastAccessTime.dwHighDateTime=0x1d7026d, ftLastWriteTime.dwLowDateTime=0x5a990eb0, ftLastWriteTime.dwHighDateTime=0x1d7026d, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0097.214] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0097.214] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5f7e9990, ftCreationTime.dwHighDateTime=0x1d6fa48, ftLastAccessTime.dwLowDateTime=0x5a990eb0, ftLastAccessTime.dwHighDateTime=0x1d7026d, ftLastWriteTime.dwLowDateTime=0x5a990eb0, ftLastWriteTime.dwHighDateTime=0x1d7026d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5f7e9990, ftCreationTime.dwHighDateTime=0x1d6fa48, ftLastAccessTime.dwLowDateTime=0x5a990eb0, ftLastAccessTime.dwHighDateTime=0x1d7026d, ftLastWriteTime.dwLowDateTime=0x5a990eb0, ftLastWriteTime.dwHighDateTime=0x1d7026d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875992a0, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x10aab030, ftLastAccessTime.dwHighDateTime=0x1d70a1d, ftLastWriteTime.dwLowDateTime=0x10aab030, ftLastWriteTime.dwHighDateTime=0x1d70a1d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DBjkoAN", cAlternateFileName="")) returned 1 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7413090, ftCreationTime.dwHighDateTime=0x1d705a7, ftLastAccessTime.dwLowDateTime=0xa56d1ac0, ftLastAccessTime.dwHighDateTime=0x1d707cd, ftLastWriteTime.dwLowDateTime=0xa56d1ac0, ftLastWriteTime.dwHighDateTime=0x1d707cd, nFileSizeHigh=0x0, nFileSizeLow=0xe495, dwReserved0=0x0, dwReserved1=0x0, cFileName="MK7VWoo.mp3", cAlternateFileName="")) returned 1 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95b1740, ftCreationTime.dwHighDateTime=0x1d703a9, ftLastAccessTime.dwLowDateTime=0xeb9f7e0, ftLastAccessTime.dwHighDateTime=0x1d70437, ftLastWriteTime.dwLowDateTime=0xeb9f7e0, ftLastWriteTime.dwHighDateTime=0x1d70437, nFileSizeHigh=0x0, nFileSizeLow=0x7286, dwReserved0=0x0, dwReserved1=0x0, cFileName="nnjv0Ap0trl8.m4a", cAlternateFileName="NNJV0A~1.M4A")) returned 1 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c44d580, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x41c7ac40, ftLastAccessTime.dwHighDateTime=0x1d7074d, ftLastWriteTime.dwLowDateTime=0x41c7ac40, ftLastWriteTime.dwHighDateTime=0x1d7074d, nFileSizeHigh=0x0, nFileSizeLow=0xf00f, dwReserved0=0x0, dwReserved1=0x0, cFileName="PGkxYB cz.mp3", cAlternateFileName="PGKXYB~1.MP3")) returned 1 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd712d9f0, ftCreationTime.dwHighDateTime=0x1d7056d, ftLastAccessTime.dwLowDateTime=0x95a5b770, ftLastAccessTime.dwHighDateTime=0x1d708d9, ftLastWriteTime.dwLowDateTime=0x95a5b770, ftLastWriteTime.dwHighDateTime=0x1d708d9, nFileSizeHigh=0x0, nFileSizeLow=0x97ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tj5pc8WH5_1HOaZF0.m4a", cAlternateFileName="TJ5PC8~1.M4A")) returned 1 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9bfadba0, ftCreationTime.dwHighDateTime=0x1d70398, ftLastAccessTime.dwLowDateTime=0xa758c140, ftLastAccessTime.dwHighDateTime=0x1d70895, ftLastWriteTime.dwLowDateTime=0xa758c140, ftLastWriteTime.dwHighDateTime=0x1d70895, nFileSizeHigh=0x0, nFileSizeLow=0x123e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ujenVfUz-oAJdo.m4a", cAlternateFileName="UJENVF~1.M4A")) returned 1 [0097.214] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.214] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0097.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.215] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0097.218] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.218] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0097.218] GetFileType (hFile=0x2fc) returned 0x1 [0097.218] WriteFile (in: hFile=0x2fc, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0097.219] CloseHandle (hObject=0x2fc) returned 1 [0097.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875992a0, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x10aab030, ftLastAccessTime.dwHighDateTime=0x1d70a1d, ftLastWriteTime.dwLowDateTime=0x10aab030, ftLastWriteTime.dwHighDateTime=0x1d70a1d, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0097.219] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0097.220] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875992a0, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x10aab030, ftLastAccessTime.dwHighDateTime=0x1d70a1d, ftLastWriteTime.dwLowDateTime=0x10aab030, ftLastWriteTime.dwHighDateTime=0x1d70a1d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x875992a0, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x10aab030, ftLastAccessTime.dwHighDateTime=0x1d70a1d, ftLastWriteTime.dwLowDateTime=0x10aab030, ftLastWriteTime.dwHighDateTime=0x1d70a1d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2497ff0, ftCreationTime.dwHighDateTime=0x1d6fb5f, ftLastAccessTime.dwLowDateTime=0x2e18120, ftLastAccessTime.dwHighDateTime=0x1d708a8, ftLastWriteTime.dwLowDateTime=0x2e18120, ftLastWriteTime.dwHighDateTime=0x1d708a8, nFileSizeHigh=0x0, nFileSizeLow=0xa636, dwReserved0=0x0, dwReserved1=0x0, cFileName="-d7DGeGff4j3KRJnW.mp3", cAlternateFileName="-D7DGE~1.MP3")) returned 1 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10129e10, ftCreationTime.dwHighDateTime=0x1d6ffd9, ftLastAccessTime.dwLowDateTime=0x887b2f10, ftLastAccessTime.dwHighDateTime=0x1d70935, ftLastWriteTime.dwLowDateTime=0x887b2f10, ftLastWriteTime.dwHighDateTime=0x1d70935, nFileSizeHigh=0x0, nFileSizeLow=0x16a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="A16LF.mp3", cAlternateFileName="")) returned 1 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x329fa930, ftCreationTime.dwHighDateTime=0x1d6fdc4, ftLastAccessTime.dwLowDateTime=0xe7ea5f30, ftLastAccessTime.dwHighDateTime=0x1d709bb, ftLastWriteTime.dwLowDateTime=0xe7ea5f30, ftLastWriteTime.dwHighDateTime=0x1d709bb, nFileSizeHigh=0x0, nFileSizeLow=0x15e83, dwReserved0=0x0, dwReserved1=0x0, cFileName="ed92X-Z.mp3", cAlternateFileName="")) returned 1 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x332d97b0, ftCreationTime.dwHighDateTime=0x1d6fdcc, ftLastAccessTime.dwLowDateTime=0xa1c34520, ftLastAccessTime.dwHighDateTime=0x1d706e7, ftLastWriteTime.dwLowDateTime=0xa1c34520, ftLastWriteTime.dwHighDateTime=0x1d706e7, nFileSizeHigh=0x0, nFileSizeLow=0x69b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kuL1W-h.wav", cAlternateFileName="")) returned 1 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb71160, ftCreationTime.dwHighDateTime=0x1d70795, ftLastAccessTime.dwLowDateTime=0xd7c3b460, ftLastAccessTime.dwHighDateTime=0x1d707d3, ftLastWriteTime.dwLowDateTime=0xd7c3b460, ftLastWriteTime.dwHighDateTime=0x1d707d3, nFileSizeHigh=0x0, nFileSizeLow=0x8c38, dwReserved0=0x0, dwReserved1=0x0, cFileName="nXPIvrum.wav", cAlternateFileName="")) returned 1 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcbf480, ftCreationTime.dwHighDateTime=0x1d706fc, ftLastAccessTime.dwLowDateTime=0xfdb3c780, ftLastAccessTime.dwHighDateTime=0x1d7096a, ftLastWriteTime.dwLowDateTime=0xfdb3c780, ftLastWriteTime.dwHighDateTime=0x1d7096a, nFileSizeHigh=0x0, nFileSizeLow=0x14b5e, dwReserved0=0x0, dwReserved1=0x0, cFileName="tH2U4LxniYTrw.m4a", cAlternateFileName="TH2U4L~1.M4A")) returned 1 [0097.220] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.220] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0097.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.220] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0097.220] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.221] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0097.221] GetFileType (hFile=0x2fc) returned 0x1 [0097.221] WriteFile (in: hFile=0x2fc, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0097.222] CloseHandle (hObject=0x2fc) returned 1 [0097.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\-d7DGeGff4j3KRJnW.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\-d7dgegff4j3krjnw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2497ff0, ftCreationTime.dwHighDateTime=0x1d6fb5f, ftLastAccessTime.dwLowDateTime=0x2e18120, ftLastAccessTime.dwHighDateTime=0x1d708a8, ftLastWriteTime.dwLowDateTime=0x2e18120, ftLastWriteTime.dwHighDateTime=0x1d708a8, nFileSizeHigh=0x0, nFileSizeLow=0xa636)) returned 1 [0097.222] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4460*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a4460*, lpNumberOfCharsWritten=0x12831778*=0x4c) returned 1 [0097.243] SetEvent (hEvent=0x218) returned 1 [0097.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\a16lf.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10129e10, ftCreationTime.dwHighDateTime=0x1d6ffd9, ftLastAccessTime.dwLowDateTime=0x887b2f10, ftLastAccessTime.dwHighDateTime=0x1d70935, ftLastWriteTime.dwLowDateTime=0x887b2f10, ftLastWriteTime.dwHighDateTime=0x1d70935, nFileSizeHigh=0x0, nFileSizeLow=0x16a76)) returned 1 [0097.243] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ac380*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129ac380*, lpNumberOfCharsWritten=0x12831778*=0x40) returned 1 [0097.259] SetEvent (hEvent=0x218) returned 1 [0097.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\ed92x-z.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x329fa930, ftCreationTime.dwHighDateTime=0x1d6fdc4, ftLastAccessTime.dwLowDateTime=0xe7ea5f30, ftLastAccessTime.dwHighDateTime=0x1d709bb, ftLastWriteTime.dwLowDateTime=0xe7ea5f30, ftLastWriteTime.dwHighDateTime=0x1d709bb, nFileSizeHigh=0x0, nFileSizeLow=0x15e83)) returned 1 [0097.259] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a0000*, nNumberOfCharsToWrite=0x42, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a0000*, lpNumberOfCharsWritten=0x12831778*=0x42) returned 1 [0097.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\kuL1W-h.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\kul1w-h.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x332d97b0, ftCreationTime.dwHighDateTime=0x1d6fdcc, ftLastAccessTime.dwLowDateTime=0xa1c34520, ftLastAccessTime.dwHighDateTime=0x1d706e7, ftLastWriteTime.dwLowDateTime=0xa1c34520, ftLastWriteTime.dwHighDateTime=0x1d706e7, nFileSizeHigh=0x0, nFileSizeLow=0x69b8)) returned 1 [0097.276] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a0090*, nNumberOfCharsToWrite=0x42, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a0090*, lpNumberOfCharsWritten=0x12831778*=0x42) returned 1 [0097.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\nxpivrum.wav"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb71160, ftCreationTime.dwHighDateTime=0x1d70795, ftLastAccessTime.dwLowDateTime=0xd7c3b460, ftLastAccessTime.dwHighDateTime=0x1d707d3, ftLastWriteTime.dwLowDateTime=0xd7c3b460, ftLastWriteTime.dwHighDateTime=0x1d707d3, nFileSizeHigh=0x0, nFileSizeLow=0x8c38)) returned 1 [0097.299] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a0120*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a0120*, lpNumberOfCharsWritten=0x12831778*=0x43) returned 1 [0097.317] SetEvent (hEvent=0x1e4) returned 1 [0097.317] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\th2u4lxniytrw.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcbf480, ftCreationTime.dwHighDateTime=0x1d706fc, ftLastAccessTime.dwLowDateTime=0xfdb3c780, ftLastAccessTime.dwHighDateTime=0x1d7096a, ftLastWriteTime.dwLowDateTime=0xfdb3c780, ftLastWriteTime.dwHighDateTime=0x1d7096a, nFileSizeHigh=0x0, nFileSizeLow=0x14b5e)) returned 1 [0097.317] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a0240*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a0240*, lpNumberOfCharsWritten=0x12831778*=0x48) returned 1 [0097.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\mk7vwoo.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7413090, ftCreationTime.dwHighDateTime=0x1d705a7, ftLastAccessTime.dwLowDateTime=0xa56d1ac0, ftLastAccessTime.dwHighDateTime=0x1d707cd, ftLastWriteTime.dwLowDateTime=0xa56d1ac0, ftLastWriteTime.dwHighDateTime=0x1d707cd, nFileSizeHigh=0x0, nFileSizeLow=0xe495)) returned 1 [0097.333] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882400*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12882400*, lpNumberOfCharsWritten=0x128317e0*=0x3a) returned 1 [0097.357] SetEvent (hEvent=0x218) returned 1 [0097.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\pgkxyb cz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c44d580, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x41c7ac40, ftLastAccessTime.dwHighDateTime=0x1d7074d, ftLastWriteTime.dwLowDateTime=0x41c7ac40, ftLastWriteTime.dwHighDateTime=0x1d7074d, nFileSizeHigh=0x0, nFileSizeLow=0xf00f)) returned 1 [0097.357] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882480*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12882480*, lpNumberOfCharsWritten=0x128317e0*=0x3c) returned 1 [0097.385] SetEvent (hEvent=0x218) returned 1 [0097.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\tj5pc8wh5_1hoazf0.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd712d9f0, ftCreationTime.dwHighDateTime=0x1d7056d, ftLastAccessTime.dwLowDateTime=0x95a5b770, ftLastAccessTime.dwHighDateTime=0x1d708d9, ftLastWriteTime.dwLowDateTime=0x95a5b770, ftLastWriteTime.dwHighDateTime=0x1d708d9, nFileSizeHigh=0x0, nFileSizeLow=0x97ec)) returned 1 [0097.385] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a02d0*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a02d0*, lpNumberOfCharsWritten=0x128317e0*=0x44) returned 1 [0097.403] SetEvent (hEvent=0x218) returned 1 [0097.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\nnjv0ap0trl8.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95b1740, ftCreationTime.dwHighDateTime=0x1d703a9, ftLastAccessTime.dwLowDateTime=0xeb9f7e0, ftLastAccessTime.dwHighDateTime=0x1d70437, ftLastWriteTime.dwLowDateTime=0xeb9f7e0, ftLastWriteTime.dwHighDateTime=0x1d70437, nFileSizeHigh=0x0, nFileSizeLow=0x7286)) returned 1 [0097.403] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882880*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12882880*, lpNumberOfCharsWritten=0x128317e0*=0x3f) returned 1 [0097.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\ujenVfUz-oAJdo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\ujenvfuz-oajdo.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9bfadba0, ftCreationTime.dwHighDateTime=0x1d70398, ftLastAccessTime.dwLowDateTime=0xa758c140, ftLastAccessTime.dwHighDateTime=0x1d70895, ftLastWriteTime.dwLowDateTime=0xa758c140, ftLastWriteTime.dwHighDateTime=0x1d70895, nFileSizeHigh=0x0, nFileSizeLow=0x123e9)) returned 1 [0097.420] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a03f0*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a03f0*, lpNumberOfCharsWritten=0x128317e0*=0x41) returned 1 [0097.437] SetEvent (hEvent=0x1b0) returned 1 [0097.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.437] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x188 [0097.437] GetFileInformationByHandle (in: hFile=0x188, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0097.437] GetFileInformationByHandleEx (in: hFile=0x188, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0097.438] CloseHandle (hObject=0x188) returned 1 [0097.438] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12930320*, nNumberOfCharsToWrite=0x25, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x12930320*, lpNumberOfCharsWritten=0x128318b0*=0x25) returned 1 [0097.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NTUSER.DAT" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3ce3dbd0, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x91bfd716, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x91bfd716, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x180000)) returned 1 [0097.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat{62e13464-7ee5-11e5-80c4-a4badb40df56}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x63434853, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0097.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat{62e13464-7ee5-11e5-80c4-a4badb40df56}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0097.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat{62e13464-7ee5-11e5-80c4-a4badb40df56}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0097.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NetHood" (normalized: "c:\\users\\rdhj0cnfevzx\\nethood"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.459] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\NetHood" (normalized: "c:\\users\\rdhj0cnfevzx\\nethood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x2a4 [0097.460] GetFileInformationByHandle (in: hFile=0x2a4, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0097.460] GetFileInformationByHandleEx (in: hFile=0x2a4, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0097.460] CloseHandle (hObject=0x2a4) returned 1 [0097.460] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12b54a00*, nNumberOfCharsToWrite=0x20, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x12b54a00*, lpNumberOfCharsWritten=0x128318b0*=0x20) returned 1 [0097.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.502] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0097.502] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0097.502] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.503] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x67, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.503] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.505] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0097.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.505] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0097.505] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0097.505] GetConsoleMode (in: hConsoleHandle=0x188, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0097.505] GetFileType (hFile=0x188) returned 0x1 [0097.506] WriteFile (in: hFile=0x188, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0097.506] CloseHandle (hObject=0x188) returned 1 [0097.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x67)) returned 1 [0097.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x523e6e90, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x523e6e90, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0097.507] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0097.507] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x523e6e90, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x523e6e90, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x523e6e90, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x523e6e90, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe54124c0, ftCreationTime.dwHighDateTime=0x1d703b3, ftLastAccessTime.dwLowDateTime=0x64756700, ftLastAccessTime.dwHighDateTime=0x1d70923, ftLastWriteTime.dwLowDateTime=0x64756700, ftLastWriteTime.dwHighDateTime=0x1d70923, nFileSizeHigh=0x0, nFileSizeLow=0x8047, dwReserved0=0x0, dwReserved1=0x0, cFileName="07tca.bmp", cAlternateFileName="")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb940aff0, ftCreationTime.dwHighDateTime=0x1d6fa6a, ftLastAccessTime.dwLowDateTime=0xad740680, ftLastAccessTime.dwHighDateTime=0x1d701f0, ftLastWriteTime.dwLowDateTime=0xad740680, ftLastWriteTime.dwHighDateTime=0x1d701f0, nFileSizeHigh=0x0, nFileSizeLow=0x13099, dwReserved0=0x0, dwReserved1=0x0, cFileName="2bKCQml.jpg", cAlternateFileName="")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd93a2140, ftCreationTime.dwHighDateTime=0x1d6ff8f, ftLastAccessTime.dwLowDateTime=0x8d246110, ftLastAccessTime.dwHighDateTime=0x1d7069e, ftLastWriteTime.dwLowDateTime=0x8d246110, ftLastWriteTime.dwHighDateTime=0x1d7069e, nFileSizeHigh=0x0, nFileSizeLow=0x158b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="2V5CsG2h.jpg", cAlternateFileName="")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42420300, ftCreationTime.dwHighDateTime=0x1d6fda2, ftLastAccessTime.dwLowDateTime=0x409dd3e0, ftLastAccessTime.dwHighDateTime=0x1d7095e, ftLastWriteTime.dwLowDateTime=0x409dd3e0, ftLastWriteTime.dwHighDateTime=0x1d7095e, nFileSizeHigh=0x0, nFileSizeLow=0x175e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="39ONyQqD1_0DcRWHisH.gif", cAlternateFileName="39ONYQ~1.GIF")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6cea7d0, ftCreationTime.dwHighDateTime=0x1d6fb3c, ftLastAccessTime.dwLowDateTime=0xb2099a20, ftLastAccessTime.dwHighDateTime=0x1d709c5, ftLastWriteTime.dwLowDateTime=0xb2099a20, ftLastWriteTime.dwHighDateTime=0x1d709c5, nFileSizeHigh=0x0, nFileSizeLow=0x105ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="8qMv.bmp", cAlternateFileName="")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c30f1f0, ftCreationTime.dwHighDateTime=0x1d7073d, ftLastAccessTime.dwLowDateTime=0x7a83d2f0, ftLastAccessTime.dwHighDateTime=0x1d708a3, ftLastWriteTime.dwLowDateTime=0x7a83d2f0, ftLastWriteTime.dwHighDateTime=0x1d708a3, nFileSizeHigh=0x0, nFileSizeLow=0xab11, dwReserved0=0x0, dwReserved1=0x0, cFileName="95 5vc4ZtmelBq.jpg", cAlternateFileName="955VC4~1.JPG")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5721bd0, ftCreationTime.dwHighDateTime=0x1d6ff24, ftLastAccessTime.dwLowDateTime=0x71939eb0, ftLastAccessTime.dwHighDateTime=0x1d703b6, ftLastWriteTime.dwLowDateTime=0x71939eb0, ftLastWriteTime.dwHighDateTime=0x1d703b6, nFileSizeHigh=0x0, nFileSizeLow=0xab81, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bg3SfdVdr.bmp", cAlternateFileName="BG3SFD~1.BMP")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ad2b0, ftCreationTime.dwHighDateTime=0x1d708bb, ftLastAccessTime.dwLowDateTime=0x79922e40, ftLastAccessTime.dwHighDateTime=0x1d70917, ftLastWriteTime.dwLowDateTime=0x79922e40, ftLastWriteTime.dwHighDateTime=0x1d70917, nFileSizeHigh=0x0, nFileSizeLow=0x17be0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cpuhbF55vB.gif", cAlternateFileName="CPUHBF~1.GIF")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86465850, ftCreationTime.dwHighDateTime=0x1d70872, ftLastAccessTime.dwLowDateTime=0x90ca9730, ftLastAccessTime.dwHighDateTime=0x1d70987, ftLastWriteTime.dwLowDateTime=0x90ca9730, ftLastWriteTime.dwHighDateTime=0x1d70987, nFileSizeHigh=0x0, nFileSizeLow=0x2714, dwReserved0=0x0, dwReserved1=0x0, cFileName="gg43vI1yr8pTZKBdPTM.jpg", cAlternateFileName="GG43VI~1.JPG")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff8dca40, ftCreationTime.dwHighDateTime=0x1d6fc1a, ftLastAccessTime.dwLowDateTime=0x57db4270, ftLastAccessTime.dwHighDateTime=0x1d70587, ftLastWriteTime.dwLowDateTime=0x57db4270, ftLastWriteTime.dwHighDateTime=0x1d70587, nFileSizeHigh=0x0, nFileSizeLow=0xabfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="gNpnccZzyR4yOQ7Kq4.bmp", cAlternateFileName="GNPNCC~1.BMP")) returned 1 [0097.507] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e9b27e0, ftCreationTime.dwHighDateTime=0x1d7068b, ftLastAccessTime.dwLowDateTime=0x90428df0, ftLastAccessTime.dwHighDateTime=0x1d709f4, ftLastWriteTime.dwLowDateTime=0x90428df0, ftLastWriteTime.dwHighDateTime=0x1d709f4, nFileSizeHigh=0x0, nFileSizeLow=0x16812, dwReserved0=0x0, dwReserved1=0x0, cFileName="HUFrMqUQLvETR0w0.png", cAlternateFileName="HUFRMQ~1.PNG")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x383e1a70, ftCreationTime.dwHighDateTime=0x1d70940, ftLastAccessTime.dwLowDateTime=0x14ebda50, ftLastAccessTime.dwHighDateTime=0x1d70a33, ftLastWriteTime.dwLowDateTime=0x14ebda50, ftLastWriteTime.dwHighDateTime=0x1d70a33, nFileSizeHigh=0x0, nFileSizeLow=0x60e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="jr8vAOj2RFtClQI1FqJs.png", cAlternateFileName="JR8VAO~1.PNG")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a8f8f80, ftCreationTime.dwHighDateTime=0x1d7093c, ftLastAccessTime.dwLowDateTime=0x9acadc00, ftLastAccessTime.dwHighDateTime=0x1d70a7b, ftLastWriteTime.dwLowDateTime=0x9acadc00, ftLastWriteTime.dwHighDateTime=0x1d70a7b, nFileSizeHigh=0x0, nFileSizeLow=0x11a71, dwReserved0=0x0, dwReserved1=0x0, cFileName="kZCD.jpg", cAlternateFileName="")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14af6e0, ftCreationTime.dwHighDateTime=0x1d70383, ftLastAccessTime.dwLowDateTime=0xcc4cc720, ftLastAccessTime.dwHighDateTime=0x1d70508, ftLastWriteTime.dwLowDateTime=0xcc4cc720, ftLastWriteTime.dwHighDateTime=0x1d70508, nFileSizeHigh=0x0, nFileSizeLow=0x88c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="l8LiaunWih5ECuF.gif", cAlternateFileName="L8LIAU~1.GIF")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7027f60, ftCreationTime.dwHighDateTime=0x1d6ff50, ftLastAccessTime.dwLowDateTime=0xbc3d1110, ftLastAccessTime.dwHighDateTime=0x1d70520, ftLastWriteTime.dwLowDateTime=0xbc3d1110, ftLastWriteTime.dwHighDateTime=0x1d70520, nFileSizeHigh=0x0, nFileSizeLow=0x40cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="LL6gyxEm.png", cAlternateFileName="")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65c51520, ftCreationTime.dwHighDateTime=0x1d6fcc5, ftLastAccessTime.dwLowDateTime=0xb021f5a0, ftLastAccessTime.dwHighDateTime=0x1d70186, ftLastWriteTime.dwLowDateTime=0xb021f5a0, ftLastWriteTime.dwHighDateTime=0x1d70186, nFileSizeHigh=0x0, nFileSizeLow=0x3d4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="mh9xwYD.bmp", cAlternateFileName="")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3887a00, ftCreationTime.dwHighDateTime=0x1d6ff0c, ftLastAccessTime.dwLowDateTime=0x4b69a1d0, ftLastAccessTime.dwHighDateTime=0x1d708ac, ftLastWriteTime.dwLowDateTime=0x4b69a1d0, ftLastWriteTime.dwHighDateTime=0x1d708ac, nFileSizeHigh=0x0, nFileSizeLow=0x7684, dwReserved0=0x0, dwReserved1=0x0, cFileName="n5A2AmtZcP5kxq23 MP.jpg", cAlternateFileName="N5A2AM~1.JPG")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28557420, ftCreationTime.dwHighDateTime=0x1d6fdc2, ftLastAccessTime.dwLowDateTime=0x4273a600, ftLastAccessTime.dwHighDateTime=0x1d705d4, ftLastWriteTime.dwLowDateTime=0x4273a600, ftLastWriteTime.dwHighDateTime=0x1d705d4, nFileSizeHigh=0x0, nFileSizeLow=0x4042, dwReserved0=0x0, dwReserved1=0x0, cFileName="NMFJzJl8.jpg", cAlternateFileName="")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4c5d630, ftCreationTime.dwHighDateTime=0x1d6ff9a, ftLastAccessTime.dwLowDateTime=0x8a0b0d70, ftLastAccessTime.dwHighDateTime=0x1d707ee, ftLastWriteTime.dwLowDateTime=0x8a0b0d70, ftLastWriteTime.dwHighDateTime=0x1d707ee, nFileSizeHigh=0x0, nFileSizeLow=0x2bf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="oEH_Z M5ZBY9lEd.jpg", cAlternateFileName="OEH_ZM~1.JPG")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3216a680, ftCreationTime.dwHighDateTime=0x1d6fd29, ftLastAccessTime.dwLowDateTime=0x60769500, ftLastAccessTime.dwHighDateTime=0x1d6fdf4, ftLastWriteTime.dwLowDateTime=0x60769500, ftLastWriteTime.dwHighDateTime=0x1d6fdf4, nFileSizeHigh=0x0, nFileSizeLow=0xbaf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qHoJ-z3pedpS.jpg", cAlternateFileName="QHOJ-Z~1.JPG")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecc21440, ftCreationTime.dwHighDateTime=0x1d70500, ftLastAccessTime.dwLowDateTime=0x49f1c3d0, ftLastAccessTime.dwHighDateTime=0x1d70778, ftLastWriteTime.dwLowDateTime=0x49f1c3d0, ftLastWriteTime.dwHighDateTime=0x1d70778, nFileSizeHigh=0x0, nFileSizeLow=0x150ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="RnOyPWEf6b-wu.gif", cAlternateFileName="RNOYPW~1.GIF")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84a98180, ftCreationTime.dwHighDateTime=0x1d6fc9b, ftLastAccessTime.dwLowDateTime=0xefa29510, ftLastAccessTime.dwHighDateTime=0x1d708c8, ftLastWriteTime.dwLowDateTime=0xefa29510, ftLastWriteTime.dwHighDateTime=0x1d708c8, nFileSizeHigh=0x0, nFileSizeLow=0x122b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="vJ5FE.png", cAlternateFileName="")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ac07bb0, ftCreationTime.dwHighDateTime=0x1d70832, ftLastAccessTime.dwLowDateTime=0x96527460, ftLastAccessTime.dwHighDateTime=0x1d708e8, ftLastWriteTime.dwLowDateTime=0x96527460, ftLastWriteTime.dwHighDateTime=0x1d708e8, nFileSizeHigh=0x0, nFileSizeLow=0xf6dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="VQj8Upe PrP5Xy_.bmp", cAlternateFileName="VQJ8UP~1.BMP")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x985a60c0, ftCreationTime.dwHighDateTime=0x1d70a45, ftLastAccessTime.dwLowDateTime=0x350ff960, ftLastAccessTime.dwHighDateTime=0x1d70a5b, ftLastWriteTime.dwLowDateTime=0x350ff960, ftLastWriteTime.dwHighDateTime=0x1d70a5b, nFileSizeHigh=0x0, nFileSizeLow=0x11d30, dwReserved0=0x0, dwReserved1=0x0, cFileName="wbH2qH6mqYuF9.png", cAlternateFileName="WBH2QH~1.PNG")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x393b4320, ftCreationTime.dwHighDateTime=0x1d70914, ftLastAccessTime.dwLowDateTime=0xd90c3df0, ftLastAccessTime.dwHighDateTime=0x1d70a18, ftLastWriteTime.dwLowDateTime=0xd90c3df0, ftLastWriteTime.dwHighDateTime=0x1d70a18, nFileSizeHigh=0x0, nFileSizeLow=0x1779b, dwReserved0=0x0, dwReserved1=0x0, cFileName="WoPtTB-ZULyBg.gif", cAlternateFileName="WOPTTB~1.GIF")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8466d340, ftCreationTime.dwHighDateTime=0x1d70a7d, ftLastAccessTime.dwLowDateTime=0x440a8230, ftLastAccessTime.dwHighDateTime=0x1d70a80, ftLastWriteTime.dwLowDateTime=0x440a8230, ftLastWriteTime.dwHighDateTime=0x1d70a80, nFileSizeHigh=0x0, nFileSizeLow=0x2997, dwReserved0=0x0, dwReserved1=0x0, cFileName="ymOQymw.png", cAlternateFileName="")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b39ca30, ftCreationTime.dwHighDateTime=0x1d70304, ftLastAccessTime.dwLowDateTime=0xf05bd820, ftLastAccessTime.dwHighDateTime=0x1d708b6, ftLastWriteTime.dwLowDateTime=0xf05bd820, ftLastWriteTime.dwHighDateTime=0x1d708b6, nFileSizeHigh=0x0, nFileSizeLow=0x3910, dwReserved0=0x0, dwReserved1=0x0, cFileName="_DZRGDb6qOo Id v9KRz.jpg", cAlternateFileName="_DZRGD~1.JPG")) returned 1 [0097.508] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.508] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0097.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.508] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0097.509] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x188 [0097.509] GetConsoleMode (in: hConsoleHandle=0x188, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0097.509] GetFileType (hFile=0x188) returned 0x1 [0097.509] WriteFile (in: hFile=0x188, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0097.510] CloseHandle (hObject=0x188) returned 1 [0097.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\07tca.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe54124c0, ftCreationTime.dwHighDateTime=0x1d703b3, ftLastAccessTime.dwLowDateTime=0x64756700, ftLastAccessTime.dwHighDateTime=0x1d70923, ftLastWriteTime.dwLowDateTime=0x64756700, ftLastWriteTime.dwHighDateTime=0x1d70923, nFileSizeHigh=0x0, nFileSizeLow=0x8047)) returned 1 [0097.510] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a58540*, nNumberOfCharsToWrite=0x2f, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12a58540*, lpNumberOfCharsWritten=0x12831848*=0x2f) returned 1 [0097.522] SetEvent (hEvent=0x2a4) returned 1 [0097.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2v5csg2h.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd93a2140, ftCreationTime.dwHighDateTime=0x1d6ff8f, ftLastAccessTime.dwLowDateTime=0x8d246110, ftLastAccessTime.dwHighDateTime=0x1d7069e, ftLastWriteTime.dwLowDateTime=0x8d246110, ftLastWriteTime.dwHighDateTime=0x1d7069e, nFileSizeHigh=0x0, nFileSizeLow=0x158b6)) returned 1 [0097.523] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a5e460*, nNumberOfCharsToWrite=0x32, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12a5e460*, lpNumberOfCharsWritten=0x12831848*=0x32) returned 1 [0097.540] SetEvent (hEvent=0x2a4) returned 1 [0097.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2bkcqml.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb940aff0, ftCreationTime.dwHighDateTime=0x1d6fa6a, ftLastAccessTime.dwLowDateTime=0xad740680, ftLastAccessTime.dwHighDateTime=0x1d701f0, ftLastWriteTime.dwLowDateTime=0xad740680, ftLastWriteTime.dwHighDateTime=0x1d701f0, nFileSizeHigh=0x0, nFileSizeLow=0x13099)) returned 1 [0097.540] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a5e540*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12a5e540*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0097.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\39ONyQqD1_0DcRWHisH.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\39onyqqd1_0dcrwhish.gif"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42420300, ftCreationTime.dwHighDateTime=0x1d6fda2, ftLastAccessTime.dwLowDateTime=0x409dd3e0, ftLastAccessTime.dwHighDateTime=0x1d7095e, ftLastWriteTime.dwLowDateTime=0x409dd3e0, ftLastWriteTime.dwHighDateTime=0x1d7095e, nFileSizeHigh=0x0, nFileSizeLow=0x175e1)) returned 1 [0097.559] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ac980*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129ac980*, lpNumberOfCharsWritten=0x12831848*=0x3d) returned 1 [0097.577] SetEvent (hEvent=0x13c) returned 1 [0097.577] SetEvent (hEvent=0x260) returned 1 [0097.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\8qmv.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6cea7d0, ftCreationTime.dwHighDateTime=0x1d6fb3c, ftLastAccessTime.dwLowDateTime=0xb2099a20, ftLastAccessTime.dwHighDateTime=0x1d709c5, ftLastWriteTime.dwLowDateTime=0xb2099a20, ftLastWriteTime.dwHighDateTime=0x1d709c5, nFileSizeHigh=0x0, nFileSizeLow=0x105ad)) returned 1 [0097.577] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12868360*, nNumberOfCharsToWrite=0x2e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12868360*, lpNumberOfCharsWritten=0x12831848*=0x2e) returned 1 [0097.596] SetEvent (hEvent=0x260) returned 1 [0097.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\95 5vc4ztmelbq.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c30f1f0, ftCreationTime.dwHighDateTime=0x1d7073d, ftLastAccessTime.dwLowDateTime=0x7a83d2f0, ftLastAccessTime.dwHighDateTime=0x1d708a3, ftLastWriteTime.dwLowDateTime=0x7a83d2f0, ftLastWriteTime.dwHighDateTime=0x1d708a3, nFileSizeHigh=0x0, nFileSizeLow=0xab11)) returned 1 [0097.597] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12814460*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12814460*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0097.618] SetEvent (hEvent=0x13c) returned 1 [0097.618] SetEvent (hEvent=0x260) returned 1 [0097.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\bg3sfdvdr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5721bd0, ftCreationTime.dwHighDateTime=0x1d6ff24, ftLastAccessTime.dwLowDateTime=0x71939eb0, ftLastAccessTime.dwHighDateTime=0x1d703b6, ftLastWriteTime.dwLowDateTime=0x71939eb0, ftLastWriteTime.dwHighDateTime=0x1d703b6, nFileSizeHigh=0x0, nFileSizeLow=0xab81)) returned 1 [0097.619] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce1c0*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce1c0*, lpNumberOfCharsWritten=0x12831848*=0x33) returned 1 [0097.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.655] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0097.656] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0097.656] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.656] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.656] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.656] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0097.656] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.656] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0097.656] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.658] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0097.658] GetFileType (hFile=0x2fc) returned 0x1 [0097.658] WriteFile (in: hFile=0x2fc, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0097.659] CloseHandle (hObject=0x2fc) returned 1 [0097.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe)) returned 1 [0097.661] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hufrmquqlvetr0w0.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e9b27e0, ftCreationTime.dwHighDateTime=0x1d7068b, ftLastAccessTime.dwLowDateTime=0x90428df0, ftLastAccessTime.dwHighDateTime=0x1d709f4, ftLastWriteTime.dwLowDateTime=0x90428df0, ftLastWriteTime.dwHighDateTime=0x1d709f4, nFileSizeHigh=0x0, nFileSizeLow=0x16812)) returned 1 [0097.661] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12883100*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12883100*, lpNumberOfCharsWritten=0x12831848*=0x3a) returned 1 [0097.673] SetEvent (hEvent=0x278) returned 1 [0097.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ll6gyxem.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7027f60, ftCreationTime.dwHighDateTime=0x1d6ff50, ftLastAccessTime.dwLowDateTime=0xbc3d1110, ftLastAccessTime.dwHighDateTime=0x1d70520, ftLastWriteTime.dwLowDateTime=0xbc3d1110, ftLastWriteTime.dwHighDateTime=0x1d70520, nFileSizeHigh=0x0, nFileSizeLow=0x40cd)) returned 1 [0097.674] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a5e930*, nNumberOfCharsToWrite=0x32, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12a5e930*, lpNumberOfCharsWritten=0x12831848*=0x32) returned 1 [0097.692] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\NMFJzJl8.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\nmfjzjl8.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28557420, ftCreationTime.dwHighDateTime=0x1d6fdc2, ftLastAccessTime.dwLowDateTime=0x4273a600, ftLastAccessTime.dwHighDateTime=0x1d705d4, ftLastWriteTime.dwLowDateTime=0x4273a600, ftLastWriteTime.dwHighDateTime=0x1d705d4, nFileSizeHigh=0x0, nFileSizeLow=0x4042)) returned 1 [0097.692] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce540*, nNumberOfCharsToWrite=0x32, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce540*, lpNumberOfCharsWritten=0x12831848*=0x32) returned 1 [0097.732] SetEvent (hEvent=0x1e4) returned 1 [0097.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\rnoypwef6b-wu.gif"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecc21440, ftCreationTime.dwHighDateTime=0x1d70500, ftLastAccessTime.dwLowDateTime=0x49f1c3d0, ftLastAccessTime.dwHighDateTime=0x1d70778, ftLastWriteTime.dwLowDateTime=0x49f1c3d0, ftLastWriteTime.dwHighDateTime=0x1d70778, nFileSizeHigh=0x0, nFileSizeLow=0x150ca)) returned 1 [0097.732] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce620*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce620*, lpNumberOfCharsWritten=0x12831848*=0x37) returned 1 [0097.749] SetEvent (hEvent=0x1e4) returned 1 [0097.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.760] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0097.760] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0097.764] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.764] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.764] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.764] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0097.764] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.764] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0097.764] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.766] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0097.766] GetFileType (hFile=0x2fc) returned 0x1 [0097.766] WriteFile (in: hFile=0x2fc, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0097.767] CloseHandle (hObject=0x2fc) returned 1 [0097.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe)) returned 1 [0097.769] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\VQj8Upe PrP5Xy_.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vqj8upe prp5xy_.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ac07bb0, ftCreationTime.dwHighDateTime=0x1d70832, ftLastAccessTime.dwLowDateTime=0x96527460, ftLastAccessTime.dwHighDateTime=0x1d708e8, ftLastWriteTime.dwLowDateTime=0x96527460, ftLastWriteTime.dwHighDateTime=0x1d708e8, nFileSizeHigh=0x0, nFileSizeLow=0xf6dd)) returned 1 [0097.769] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12801500*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12801500*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0097.779] SetEvent (hEvent=0x1e4) returned 1 [0097.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wopttb-zulybg.gif"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x393b4320, ftCreationTime.dwHighDateTime=0x1d70914, ftLastAccessTime.dwLowDateTime=0xd90c3df0, ftLastAccessTime.dwHighDateTime=0x1d70a18, ftLastWriteTime.dwLowDateTime=0xd90c3df0, ftLastWriteTime.dwHighDateTime=0x1d70a18, nFileSizeHigh=0x0, nFileSizeLow=0x1779b)) returned 1 [0097.779] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6620*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6620*, lpNumberOfCharsWritten=0x12831848*=0x37) returned 1 [0097.825] SetEvent (hEvent=0x1e4) returned 1 [0097.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\_dzrgdb6qoo id v9krz.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b39ca30, ftCreationTime.dwHighDateTime=0x1d70304, ftLastAccessTime.dwLowDateTime=0xf05bd820, ftLastAccessTime.dwHighDateTime=0x1d708b6, ftLastWriteTime.dwLowDateTime=0xf05bd820, ftLastWriteTime.dwHighDateTime=0x1d708b6, nFileSizeHigh=0x0, nFileSizeLow=0x3910)) returned 1 [0097.826] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12883280*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12883280*, lpNumberOfCharsWritten=0x12831848*=0x3e) returned 1 [0097.841] SetEvent (hEvent=0x1e4) returned 1 [0097.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\cpuhbf55vb.gif"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ad2b0, ftCreationTime.dwHighDateTime=0x1d708bb, ftLastAccessTime.dwLowDateTime=0x79922e40, ftLastAccessTime.dwHighDateTime=0x1d70917, ftLastWriteTime.dwLowDateTime=0x79922e40, ftLastWriteTime.dwHighDateTime=0x1d70917, nFileSizeHigh=0x0, nFileSizeLow=0x17be0)) returned 1 [0097.843] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128149a0*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128149a0*, lpNumberOfCharsWritten=0x12831848*=0x34) returned 1 [0097.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0097.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gnpncczzyr4yoq7kq4.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff8dca40, ftCreationTime.dwHighDateTime=0x1d6fc1a, ftLastAccessTime.dwLowDateTime=0x57db4270, ftLastAccessTime.dwHighDateTime=0x1d70587, ftLastWriteTime.dwLowDateTime=0x57db4270, ftLastWriteTime.dwHighDateTime=0x1d70587, nFileSizeHigh=0x0, nFileSizeLow=0xabfb)) returned 1 [0097.860] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970f00*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12970f00*, lpNumberOfCharsWritten=0x12831848*=0x3c) returned 1 [0097.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gg43vi1yr8ptzkbdptm.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86465850, ftCreationTime.dwHighDateTime=0x1d70872, ftLastAccessTime.dwLowDateTime=0x90ca9730, ftLastAccessTime.dwHighDateTime=0x1d70987, ftLastWriteTime.dwLowDateTime=0x90ca9730, ftLastWriteTime.dwHighDateTime=0x1d70987, nFileSizeHigh=0x0, nFileSizeLow=0x2714)) returned 1 [0097.878] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129acb00*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129acb00*, lpNumberOfCharsWritten=0x12831848*=0x3d) returned 1 [0097.894] SetEvent (hEvent=0x26c) returned 1 [0097.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jr8vaoj2rftclqi1fqjs.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x383e1a70, ftCreationTime.dwHighDateTime=0x1d70940, ftLastAccessTime.dwLowDateTime=0x14ebda50, ftLastAccessTime.dwHighDateTime=0x1d70a33, ftLastWriteTime.dwLowDateTime=0x14ebda50, ftLastWriteTime.dwHighDateTime=0x1d70a33, nFileSizeHigh=0x0, nFileSizeLow=0x60e6)) returned 1 [0097.894] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129acb80*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129acb80*, lpNumberOfCharsWritten=0x12831848*=0x3e) returned 1 [0097.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\kzcd.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a8f8f80, ftCreationTime.dwHighDateTime=0x1d7093c, ftLastAccessTime.dwLowDateTime=0x9acadc00, ftLastAccessTime.dwHighDateTime=0x1d70a7b, ftLastWriteTime.dwLowDateTime=0x9acadc00, ftLastWriteTime.dwHighDateTime=0x1d70a7b, nFileSizeHigh=0x0, nFileSizeLow=0x11a71)) returned 1 [0097.910] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a59020*, nNumberOfCharsToWrite=0x2e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12a59020*, lpNumberOfCharsWritten=0x12831848*=0x2e) returned 1 [0097.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\l8liaunwih5ecuf.gif"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14af6e0, ftCreationTime.dwHighDateTime=0x1d70383, ftLastAccessTime.dwLowDateTime=0xcc4cc720, ftLastAccessTime.dwHighDateTime=0x1d70508, ftLastWriteTime.dwLowDateTime=0xcc4cc720, ftLastWriteTime.dwHighDateTime=0x1d70508, nFileSizeHigh=0x0, nFileSizeLow=0x88c7)) returned 1 [0097.957] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12883400*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12883400*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0097.972] SetEvent (hEvent=0x260) returned 1 [0097.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\mh9xwYD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\mh9xwyd.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65c51520, ftCreationTime.dwHighDateTime=0x1d6fcc5, ftLastAccessTime.dwLowDateTime=0xb021f5a0, ftLastAccessTime.dwHighDateTime=0x1d70186, ftLastWriteTime.dwLowDateTime=0xb021f5a0, ftLastWriteTime.dwHighDateTime=0x1d70186, nFileSizeHigh=0x0, nFileSizeLow=0x3d4c)) returned 1 [0097.972] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128cee00*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128cee00*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0098.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\n5a2amtzcp5kxq23 mp.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3887a00, ftCreationTime.dwHighDateTime=0x1d6ff0c, ftLastAccessTime.dwLowDateTime=0x4b69a1d0, ftLastAccessTime.dwHighDateTime=0x1d708ac, ftLastWriteTime.dwLowDateTime=0x4b69a1d0, ftLastWriteTime.dwHighDateTime=0x1d708ac, nFileSizeHigh=0x0, nFileSizeLow=0x7684)) returned 1 [0098.103] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12971080*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12971080*, lpNumberOfCharsWritten=0x12831848*=0x3d) returned 1 [0098.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\oeh_z m5zby9led.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4c5d630, ftCreationTime.dwHighDateTime=0x1d6ff9a, ftLastAccessTime.dwLowDateTime=0x8a0b0d70, ftLastAccessTime.dwHighDateTime=0x1d707ee, ftLastWriteTime.dwLowDateTime=0x8a0b0d70, ftLastWriteTime.dwHighDateTime=0x1d707ee, nFileSizeHigh=0x0, nFileSizeLow=0x2bf7)) returned 1 [0098.186] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12971100*, nNumberOfCharsToWrite=0x39, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12971100*, lpNumberOfCharsWritten=0x12831848*=0x39) returned 1 [0098.245] SetEvent (hEvent=0x1a4) returned 1 [0098.245] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\qHoJ-z3pedpS.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\qhoj-z3pedps.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3216a680, ftCreationTime.dwHighDateTime=0x1d6fd29, ftLastAccessTime.dwLowDateTime=0x60769500, ftLastAccessTime.dwHighDateTime=0x1d6fdf4, ftLastWriteTime.dwLowDateTime=0x60769500, ftLastWriteTime.dwHighDateTime=0x1d6fdf4, nFileSizeHigh=0x0, nFileSizeLow=0xbaf0)) returned 1 [0098.246] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ceee0*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ceee0*, lpNumberOfCharsWritten=0x12831848*=0x36) returned 1 [0098.326] SetEvent (hEvent=0x1a4) returned 1 [0098.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vj5fe.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84a98180, ftCreationTime.dwHighDateTime=0x1d6fc9b, ftLastAccessTime.dwLowDateTime=0xefa29510, ftLastAccessTime.dwHighDateTime=0x1d708c8, ftLastWriteTime.dwLowDateTime=0xefa29510, ftLastWriteTime.dwHighDateTime=0x1d708c8, nFileSizeHigh=0x0, nFileSizeLow=0x122b3)) returned 1 [0098.326] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12bb48a0*, nNumberOfCharsToWrite=0x2f, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12bb48a0*, lpNumberOfCharsWritten=0x12831848*=0x2f) returned 1 [0098.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wbh2qh6mqyuf9.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x985a60c0, ftCreationTime.dwHighDateTime=0x1d70a45, ftLastAccessTime.dwLowDateTime=0x350ff960, ftLastAccessTime.dwHighDateTime=0x1d70a5b, ftLastWriteTime.dwLowDateTime=0x350ff960, ftLastWriteTime.dwHighDateTime=0x1d70a5b, nFileSizeHigh=0x0, nFileSizeLow=0x11d30)) returned 1 [0098.341] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6cb0*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6cb0*, lpNumberOfCharsWritten=0x12831848*=0x37) returned 1 [0098.364] SetEvent (hEvent=0x278) returned 1 [0098.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ymoqymw.png"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8466d340, ftCreationTime.dwHighDateTime=0x1d70a7d, ftLastAccessTime.dwLowDateTime=0x440a8230, ftLastAccessTime.dwHighDateTime=0x1d70a80, ftLastWriteTime.dwLowDateTime=0x440a8230, ftLastWriteTime.dwHighDateTime=0x1d70a80, nFileSizeHigh=0x0, nFileSizeLow=0x2997)) returned 1 [0098.364] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6d20*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6d20*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0099.003] SetEvent (hEvent=0x278) returned 1 [0099.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\PrintHood" (normalized: "c:\\users\\rdhj0cnfevzx\\printhood"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.003] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\PrintHood" (normalized: "c:\\users\\rdhj0cnfevzx\\printhood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x274 [0099.003] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0099.003] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0099.003] CloseHandle (hObject=0x274) returned 1 [0099.003] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12817d60*, nNumberOfCharsToWrite=0x22, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x12817d60*, lpNumberOfCharsWritten=0x128318b0*=0x22) returned 1 [0099.026] SetEvent (hEvent=0x278) returned 1 [0099.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent" (normalized: "c:\\users\\rdhj0cnfevzx\\recent"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.026] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent" (normalized: "c:\\users\\rdhj0cnfevzx\\recent"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x2fc [0099.026] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0099.026] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0099.026] CloseHandle (hObject=0x2fc) returned 1 [0099.026] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12ac1d80*, nNumberOfCharsToWrite=0x1f, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x12ac1d80*, lpNumberOfCharsWritten=0x128318b0*=0x1f) returned 1 [0099.039] SetEvent (hEvent=0x278) returned 1 [0099.039] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.039] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.039] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.039] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.039] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.039] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.039] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.040] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.040] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.040] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.040] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0099.040] GetFileType (hFile=0x274) returned 0x1 [0099.040] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0099.041] CloseHandle (hObject=0x274) returned 1 [0099.041] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0099.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches" (normalized: "c:\\users\\rdhj0cnfevzx\\searches"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.042] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches" (normalized: "c:\\users\\rdhj0cnfevzx\\searches"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.042] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.042] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.042] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.042] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x437a1142, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0099.042] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x4377acca, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4377acca, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4377acca, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0099.042] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.042] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.042] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.042] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.067] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0099.067] GetFileType (hFile=0x274) returned 0x1 [0099.067] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0099.068] CloseHandle (hObject=0x274) returned 1 [0099.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x437a1142, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0099.068] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.078] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.112] SetEvent (hEvent=0x260) returned 1 [0099.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x437a1142, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0099.113] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms")) returned 0x23 [0099.113] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms", dwFileAttributes=0x22) returned 1 [0099.113] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.113] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.113] GetFileType (hFile=0x274) returned 0x1 [0099.113] SystemFunction036 (in: RandomBuffer=0x128cd1a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd1a8) returned 1 [0099.113] SystemFunction036 (in: RandomBuffer=0x128cd1b8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd1b8) returned 1 [0099.114] GetFileType (hFile=0x274) returned 0x1 [0099.114] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.114] ReadFile (in: hFile=0x274, lpBuffer=0x12972000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12972000*, lpNumberOfBytesRead=0x12915e80*=0xf8, lpOverlapped=0x0) returned 1 [0099.114] GetFileType (hFile=0x274) returned 0x1 [0099.114] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.115] WriteFile (in: hFile=0x274, lpBuffer=0x1294a800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x1294a800*, lpNumberOfBytesWritten=0x12915e78*=0x100, lpOverlapped=0x0) returned 1 [0099.115] GetFileType (hFile=0x274) returned 0x1 [0099.115] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.115] SystemFunction036 (in: RandomBuffer=0x1294a901, RandomBufferLength=0x40 | out: RandomBuffer=0x1294a901) returned 1 [0099.115] WriteFile (in: hFile=0x274, lpBuffer=0x1298e4f4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e4f4*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.115] WriteFile (in: hFile=0x274, lpBuffer=0x1294aa00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294aa00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.115] CloseHandle (hObject=0x274) returned 1 [0099.116] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms.crypted"), dwFlags=0x1) returned 1 [0099.117] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms")) returned 0xffffffff [0099.117] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.183] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.269] SetEvent (hEvent=0x260) returned 1 [0099.269] VirtualFree (lpAddress=0x12dd2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.270] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.377] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.390] SetEvent (hEvent=0x278) returned 1 [0099.390] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\hzcrml mo689itqovwz.flv"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4f1cff0, ftCreationTime.dwHighDateTime=0x1d6fab1, ftLastAccessTime.dwLowDateTime=0x8c335090, ftLastAccessTime.dwHighDateTime=0x1d7034c, ftLastWriteTime.dwLowDateTime=0x8c335090, ftLastWriteTime.dwHighDateTime=0x1d7034c, nFileSizeHigh=0x0, nFileSizeLow=0x2c2a)) returned 1 [0099.391] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\hzcrml mo689itqovwz.flv")) returned 0x20 [0099.391] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv", dwFileAttributes=0x20) returned 1 [0099.391] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\hzcrml mo689itqovwz.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.391] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.391] GetFileType (hFile=0x274) returned 0x1 [0099.391] GetFileType (hFile=0x274) returned 0x1 [0099.391] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.391] ReadFile (in: hFile=0x274, lpBuffer=0x1281069c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x1281069c*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.392] SystemFunction036 (in: RandomBuffer=0x129a39c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a39c8) returned 1 [0099.392] SystemFunction036 (in: RandomBuffer=0x129a39d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a39d8) returned 1 [0099.392] GetFileType (hFile=0x274) returned 0x1 [0099.392] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.392] ReadFile (in: hFile=0x274, lpBuffer=0x129fa000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x129fa000*, lpNumberOfBytesRead=0x12b11e80*=0x2c2a, lpOverlapped=0x0) returned 1 [0099.392] GetFileType (hFile=0x274) returned 0x1 [0099.392] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.392] WriteFile (in: hFile=0x274, lpBuffer=0x129e9000*, nNumberOfBytesToWrite=0x2c30, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x129e9000*, lpNumberOfBytesWritten=0x12b11e78*=0x2c30, lpOverlapped=0x0) returned 1 [0099.392] GetFileType (hFile=0x274) returned 0x1 [0099.392] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.392] SystemFunction036 (in: RandomBuffer=0x1299b201, RandomBufferLength=0x40 | out: RandomBuffer=0x1299b201) returned 1 [0099.393] WriteFile (in: hFile=0x274, lpBuffer=0x12810708*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810708*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.393] WriteFile (in: hFile=0x274, lpBuffer=0x1299b300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299b300*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.393] CloseHandle (hObject=0x274) returned 1 [0099.394] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\hzcrml mo689itqovwz.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\hzcrml mo689itqovwz.flv.crypted"), dwFlags=0x1) returned 1 [0099.395] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\hzcrml mo689itqovwz.flv")) returned 0xffffffff [0099.395] SetEvent (hEvent=0x260) returned 1 [0099.395] VirtualFree (lpAddress=0x12dce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.395] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.493] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.510] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.521] SetEvent (hEvent=0x260) returned 1 [0099.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\4cowhxgrwgb.avi"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9d16f80, ftCreationTime.dwHighDateTime=0x1d6fd56, ftLastAccessTime.dwLowDateTime=0x68dd5b80, ftLastAccessTime.dwHighDateTime=0x1d707a3, ftLastWriteTime.dwLowDateTime=0x68dd5b80, ftLastWriteTime.dwHighDateTime=0x1d707a3, nFileSizeHigh=0x0, nFileSizeLow=0x69de)) returned 1 [0099.521] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\4cowhxgrwgb.avi")) returned 0x20 [0099.521] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi", dwFileAttributes=0x20) returned 1 [0099.522] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\4cowhxgrwgb.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.522] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.522] GetFileType (hFile=0x274) returned 0x1 [0099.522] GetFileType (hFile=0x274) returned 0x1 [0099.522] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.522] ReadFile (in: hFile=0x274, lpBuffer=0x1298e628, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e628*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.522] SystemFunction036 (in: RandomBuffer=0x128cde78, RandomBufferLength=0x10 | out: RandomBuffer=0x128cde78) returned 1 [0099.522] SystemFunction036 (in: RandomBuffer=0x128cde88, RandomBufferLength=0x10 | out: RandomBuffer=0x128cde88) returned 1 [0099.522] GetFileType (hFile=0x274) returned 0x1 [0099.522] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.522] ReadFile (in: hFile=0x274, lpBuffer=0x12ba4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12ba4000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.523] GetFileType (hFile=0x274) returned 0x1 [0099.523] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.523] WriteFile (in: hFile=0x274, lpBuffer=0x12ba8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12ba8000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.523] GetFileType (hFile=0x274) returned 0x1 [0099.523] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.523] SystemFunction036 (in: RandomBuffer=0x1294b501, RandomBufferLength=0x40 | out: RandomBuffer=0x1294b501) returned 1 [0099.524] WriteFile (in: hFile=0x274, lpBuffer=0x1298e684*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e684*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.524] WriteFile (in: hFile=0x274, lpBuffer=0x1294b600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294b600*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.524] CloseHandle (hObject=0x274) returned 1 [0099.525] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\4cowhxgrwgb.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\4cowhxgrwgb.avi.crypted"), dwFlags=0x1) returned 1 [0099.526] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\4cowhxgrwgb.avi")) returned 0xffffffff [0099.526] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.573] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\g0ljsnouvtc.avi"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb9fdf0, ftCreationTime.dwHighDateTime=0x1d709e7, ftLastAccessTime.dwLowDateTime=0x4dfff2e0, ftLastAccessTime.dwHighDateTime=0x1d70a06, ftLastWriteTime.dwLowDateTime=0x4dfff2e0, ftLastWriteTime.dwHighDateTime=0x1d70a06, nFileSizeHigh=0x0, nFileSizeLow=0x17c4d)) returned 1 [0099.635] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\g0ljsnouvtc.avi")) returned 0x20 [0099.635] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi", dwFileAttributes=0x20) returned 1 [0099.636] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\g0ljsnouvtc.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.636] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.636] GetFileType (hFile=0x274) returned 0x1 [0099.636] GetFileType (hFile=0x274) returned 0x1 [0099.636] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.636] ReadFile (in: hFile=0x274, lpBuffer=0x1298e6a4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e6a4*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.637] SystemFunction036 (in: RandomBuffer=0x12be4118, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4118) returned 1 [0099.637] SystemFunction036 (in: RandomBuffer=0x12be4128, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4128) returned 1 [0099.637] VirtualAlloc (lpAddress=0x12d00000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d00000 [0099.637] GetFileType (hFile=0x274) returned 0x1 [0099.637] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.638] ReadFile (in: hFile=0x274, lpBuffer=0x12d00000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12d00000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.638] VirtualAlloc (lpAddress=0x12d04000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d04000 [0099.639] GetFileType (hFile=0x274) returned 0x1 [0099.639] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.639] WriteFile (in: hFile=0x274, lpBuffer=0x12d04000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12d04000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.639] GetFileType (hFile=0x274) returned 0x1 [0099.639] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.639] SystemFunction036 (in: RandomBuffer=0x1294ba01, RandomBufferLength=0x40 | out: RandomBuffer=0x1294ba01) returned 1 [0099.640] WriteFile (in: hFile=0x274, lpBuffer=0x1298e700*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e700*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.643] WriteFile (in: hFile=0x274, lpBuffer=0x1294bb00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294bb00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.643] CloseHandle (hObject=0x274) returned 1 [0099.655] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\g0ljsnouvtc.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\g0ljsnouvtc.avi.crypted"), dwFlags=0x1) returned 1 [0099.656] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\g0ljsnouvtc.avi")) returned 0xffffffff [0099.656] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x333afa04, ulCount=0x10, ulNumEntriesRemoved=0x333af9ec, dwMilliseconds=0x25, fAlertable=0 | out: lpCompletionPortEntries=0x333afa04, ulNumEntriesRemoved=0x333af9ec) returned 0 [0099.747] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x333afa04, ulCount=0x10, ulNumEntriesRemoved=0x333af9ec, dwMilliseconds=0x3, fAlertable=0 | out: lpCompletionPortEntries=0x333afa04, ulNumEntriesRemoved=0x333af9ec) returned 0 [0099.759] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x333afa04, ulCount=0x10, ulNumEntriesRemoved=0x333af9ec, dwMilliseconds=0x42, fAlertable=0 | out: lpCompletionPortEntries=0x333afa04, ulNumEntriesRemoved=0x333af9ec) returned 0 [0099.851] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x333afa04, ulCount=0x10, ulNumEntriesRemoved=0x333af9ec, dwMilliseconds=0x1a, fAlertable=0 | out: lpCompletionPortEntries=0x333afa04, ulNumEntriesRemoved=0x333af9ec) returned 0 [0099.902] SetEvent (hEvent=0x1e4) returned 1 [0099.902] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.910] SetEvent (hEvent=0x26c) returned 1 [0099.910] SetEvent (hEvent=0x1e4) returned 1 [0099.910] SetEvent (hEvent=0x278) returned 1 [0099.910] VirtualFree (lpAddress=0x12dbc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.911] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0099.982] VirtualFree (lpAddress=0x12dba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\_afjyvh irmqxfq3at.flv"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa96e4a0, ftCreationTime.dwHighDateTime=0x1d6fa57, ftLastAccessTime.dwLowDateTime=0x8dc0bed0, ftLastAccessTime.dwHighDateTime=0x1d70382, ftLastWriteTime.dwLowDateTime=0x8dc0bed0, ftLastWriteTime.dwHighDateTime=0x1d70382, nFileSizeHigh=0x0, nFileSizeLow=0x15075)) returned 1 [0099.983] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\_afjyvh irmqxfq3at.flv")) returned 0x20 [0099.983] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv", dwFileAttributes=0x20) returned 1 [0099.983] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\_afjyvh irmqxfq3at.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.983] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.983] GetFileType (hFile=0x274) returned 0x1 [0099.984] GetFileType (hFile=0x274) returned 0x1 [0099.984] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.984] ReadFile (in: hFile=0x274, lpBuffer=0x1298e004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e004*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.984] SystemFunction036 (in: RandomBuffer=0x128160c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128160c8) returned 1 [0099.984] SystemFunction036 (in: RandomBuffer=0x128160d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128160d8) returned 1 [0099.984] GetFileType (hFile=0x274) returned 0x1 [0099.984] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.984] ReadFile (in: hFile=0x274, lpBuffer=0x12c4a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12c4a000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.984] GetFileType (hFile=0x274) returned 0x1 [0099.984] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.984] WriteFile (in: hFile=0x274, lpBuffer=0x12d80000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12d80000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.985] GetFileType (hFile=0x274) returned 0x1 [0099.985] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.985] SystemFunction036 (in: RandomBuffer=0x12c90001, RandomBufferLength=0x40 | out: RandomBuffer=0x12c90001) returned 1 [0099.985] WriteFile (in: hFile=0x274, lpBuffer=0x1298e060*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e060*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.985] WriteFile (in: hFile=0x274, lpBuffer=0x12c90100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12c90100*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.985] CloseHandle (hObject=0x274) returned 1 [0099.988] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\_afjyvh irmqxfq3at.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\_afjyvh irmqxfq3at.flv.crypted"), dwFlags=0x1) returned 1 [0099.989] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\_afjyvh irmqxfq3at.flv")) returned 0xffffffff [0099.989] SwitchToThread () returned 1 [0100.021] SetEvent (hEvent=0x260) returned 1 [0100.021] VirtualFree (lpAddress=0x12db8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.021] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0100.350] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0100.370] SetEvent (hEvent=0x260) returned 1 [0100.370] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\w6cgyh-zpuhcp.flv"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f758a80, ftCreationTime.dwHighDateTime=0x1d704aa, ftLastAccessTime.dwLowDateTime=0x5f37f6b0, ftLastAccessTime.dwHighDateTime=0x1d70598, ftLastWriteTime.dwLowDateTime=0x5f37f6b0, ftLastWriteTime.dwHighDateTime=0x1d70598, nFileSizeHigh=0x0, nFileSizeLow=0x112f9)) returned 1 [0100.371] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\w6cgyh-zpuhcp.flv")) returned 0x20 [0100.371] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv", dwFileAttributes=0x20) returned 1 [0100.371] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\w6cgyh-zpuhcp.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.371] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0100.371] GetFileType (hFile=0x274) returned 0x1 [0100.371] GetFileType (hFile=0x274) returned 0x1 [0100.371] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.372] ReadFile (in: hFile=0x274, lpBuffer=0x12900130, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900130*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0100.372] SystemFunction036 (in: RandomBuffer=0x12d3a6b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a6b8) returned 1 [0100.372] SystemFunction036 (in: RandomBuffer=0x12d3a6c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a6c8) returned 1 [0100.372] GetFileType (hFile=0x274) returned 0x1 [0100.372] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.372] ReadFile (in: hFile=0x274, lpBuffer=0x12d74000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12d74000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.372] GetFileType (hFile=0x274) returned 0x1 [0100.372] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.372] WriteFile (in: hFile=0x274, lpBuffer=0x12d78000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12d78000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.372] GetFileType (hFile=0x274) returned 0x1 [0100.372] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.373] SystemFunction036 (in: RandomBuffer=0x12d48901, RandomBufferLength=0x40 | out: RandomBuffer=0x12d48901) returned 1 [0100.373] WriteFile (in: hFile=0x274, lpBuffer=0x1290018c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x1290018c*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0100.373] WriteFile (in: hFile=0x274, lpBuffer=0x12d48a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12d48a00*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0100.373] CloseHandle (hObject=0x274) returned 1 [0100.376] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\w6cgyh-zpuhcp.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\w6cgyh-zpuhcp.flv.crypted"), dwFlags=0x1) returned 1 [0100.450] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\w6cgyh-zpuhcp.flv")) returned 0xffffffff [0100.450] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) Thread: id = 19 os_tid = 0xb10 [0093.909] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x334eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x334eff28*=0x1a8) returned 1 [0093.909] VirtualQuery (in: lpAddress=0x334eff38, lpBuffer=0x334eff38, dwLength=0x1c | out: lpBuffer=0x334eff38*(BaseAddress=0x334ef000, AllocationBase=0x333f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nbdjcthjuzbe.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe876fc20, ftCreationTime.dwHighDateTime=0x1d701d6, ftLastAccessTime.dwLowDateTime=0x76183440, ftLastAccessTime.dwHighDateTime=0x1d703e9, ftLastWriteTime.dwLowDateTime=0x76183440, ftLastWriteTime.dwHighDateTime=0x1d703e9, nFileSizeHigh=0x0, nFileSizeLow=0x4700)) returned 1 [0093.910] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nbdjcthjuzbe.jpg")) returned 0x20 [0093.910] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg", dwFileAttributes=0x20) returned 1 [0093.910] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nbdjcthjuzbe.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0093.910] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0093.910] GetFileType (hFile=0x1ac) returned 0x1 [0093.910] GetFileType (hFile=0x1ac) returned 0x1 [0093.910] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.910] ReadFile (in: hFile=0x1ac, lpBuffer=0x1298e15c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e15c*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0093.910] SystemFunction036 (in: RandomBuffer=0x129a2438, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2438) returned 1 [0093.910] SystemFunction036 (in: RandomBuffer=0x129a2448, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2448) returned 1 [0093.910] VirtualAlloc (lpAddress=0x129c6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129c6000 [0093.911] GetFileType (hFile=0x1ac) returned 0x1 [0093.911] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0093.911] ReadFile (in: hFile=0x1ac, lpBuffer=0x129c6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x129c6000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0093.911] VirtualAlloc (lpAddress=0x129ca000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ca000 [0093.912] GetFileType (hFile=0x1ac) returned 0x1 [0093.912] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0093.912] WriteFile (in: hFile=0x1ac, lpBuffer=0x129ca000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x129ca000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0093.912] GetFileType (hFile=0x1ac) returned 0x1 [0093.912] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0093.912] SystemFunction036 (in: RandomBuffer=0x129b8301, RandomBufferLength=0x40 | out: RandomBuffer=0x129b8301) returned 1 [0093.912] WriteFile (in: hFile=0x1ac, lpBuffer=0x1298e1b8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e1b8*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0093.912] WriteFile (in: hFile=0x1ac, lpBuffer=0x129b8400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x129b8400*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0093.913] CloseHandle (hObject=0x1ac) returned 1 [0094.001] VirtualAlloc (lpAddress=0x129d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129d6000 [0094.002] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nbdjcthjuzbe.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nbdjcthjuzbe.jpg.crypted"), dwFlags=0x1) returned 1 [0094.751] SetEvent (hEvent=0x13c) returned 1 [0094.751] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NbdjCTHjUzBe.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nbdjcthjuzbe.jpg")) returned 0xffffffff [0094.754] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e4 [0094.754] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1ac [0094.754] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0094.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\3w3heu.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12a71c44 | out: lpFileInformation=0x12a71c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7da5eaf0, ftCreationTime.dwHighDateTime=0x1d6fca4, ftLastAccessTime.dwLowDateTime=0xec015e10, ftLastAccessTime.dwHighDateTime=0x1d6fe36, ftLastWriteTime.dwLowDateTime=0xec015e10, ftLastWriteTime.dwHighDateTime=0x1d6fe36, nFileSizeHigh=0x0, nFileSizeLow=0x8823)) returned 1 [0094.795] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\3w3heu.mkv")) returned 0x20 [0094.795] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv", dwFileAttributes=0x20) returned 1 [0094.795] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\3w3heu.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0094.795] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0x12a71e88 | out: lpMode=0x12a71e88) returned 0 [0094.795] GetFileType (hFile=0x1c0) returned 0x1 [0094.795] GetFileType (hFile=0x1c0) returned 0x1 [0094.795] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.795] ReadFile (in: hFile=0x1c0, lpBuffer=0x12810668, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a71d14, lpOverlapped=0x0 | out: lpBuffer=0x12810668*, lpNumberOfBytesRead=0x12a71d14*=0x4, lpOverlapped=0x0) returned 1 [0094.795] SystemFunction036 (in: RandomBuffer=0x12817298, RandomBufferLength=0x10 | out: RandomBuffer=0x12817298) returned 1 [0094.795] SystemFunction036 (in: RandomBuffer=0x128172a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128172a8) returned 1 [0094.795] VirtualAlloc (lpAddress=0x12c00000, dwSize=0x400000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c00000 [0094.804] VirtualAlloc (lpAddress=0x22f1000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x22f1000 [0094.804] VirtualAlloc (lpAddress=0x12c00000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c00000 [0094.804] GetFileType (hFile=0x1c0) returned 0x1 [0094.805] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0094.805] ReadFile (in: hFile=0x1c0, lpBuffer=0x12c00000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a71e80, lpOverlapped=0x0 | out: lpBuffer=0x12c00000*, lpNumberOfBytesRead=0x12a71e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.805] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x34cb0000 [0094.808] VirtualAlloc (lpAddress=0x12c04000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c04000 [0094.809] GetFileType (hFile=0x1c0) returned 0x1 [0094.809] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0094.809] WriteFile (in: hFile=0x1c0, lpBuffer=0x12c04000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a71e78, lpOverlapped=0x0 | out: lpBuffer=0x12c04000*, lpNumberOfBytesWritten=0x12a71e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.809] GetFileType (hFile=0x1c0) returned 0x1 [0094.809] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0094.809] SystemFunction036 (in: RandomBuffer=0x1287ff01, RandomBufferLength=0x40 | out: RandomBuffer=0x1287ff01) returned 1 [0094.809] VirtualAlloc (lpAddress=0x12c08000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c08000 [0094.810] VirtualAlloc (lpAddress=0x12a7e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a7e000 [0094.810] WriteFile (in: hFile=0x1c0, lpBuffer=0x128106c4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a71d88, lpOverlapped=0x0 | out: lpBuffer=0x128106c4*, lpNumberOfBytesWritten=0x12a71d88*=0x4, lpOverlapped=0x0) returned 1 [0094.810] WriteFile (in: hFile=0x1c0, lpBuffer=0x12a7e000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a71d88, lpOverlapped=0x0 | out: lpBuffer=0x12a7e000*, lpNumberOfBytesWritten=0x12a71d88*=0x100, lpOverlapped=0x0) returned 1 [0094.811] CloseHandle (hObject=0x1c0) returned 1 [0095.122] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0095.152] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\3w3heu.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\3w3heu.mkv.crypted"), dwFlags=0x1) returned 1 [0097.011] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\3W3Heu.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\3w3heu.mkv")) returned 0xffffffff [0097.058] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\pg2ykrb6yc7l.wav"), fInfoLevelId=0x0, lpFileInformation=0x12a71c44 | out: lpFileInformation=0x12a71c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e4ffac0, ftCreationTime.dwHighDateTime=0x1d707d4, ftLastAccessTime.dwLowDateTime=0xd4b82860, ftLastAccessTime.dwHighDateTime=0x1d7089f, ftLastWriteTime.dwLowDateTime=0xd4b82860, ftLastWriteTime.dwHighDateTime=0x1d7089f, nFileSizeHigh=0x0, nFileSizeLow=0x7808)) returned 1 [0097.058] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\pg2ykrb6yc7l.wav")) returned 0x20 [0097.058] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav", dwFileAttributes=0x20) returned 1 [0097.058] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\pg2ykrb6yc7l.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0097.058] GetConsoleMode (in: hConsoleHandle=0x2f8, lpMode=0x12a71e88 | out: lpMode=0x12a71e88) returned 0 [0097.058] GetFileType (hFile=0x2f8) returned 0x1 [0097.058] GetFileType (hFile=0x2f8) returned 0x1 [0097.058] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.058] ReadFile (in: hFile=0x2f8, lpBuffer=0x128107c8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a71d14, lpOverlapped=0x0 | out: lpBuffer=0x128107c8*, lpNumberOfBytesRead=0x12a71d14*=0x4, lpOverlapped=0x0) returned 1 [0097.059] SystemFunction036 (in: RandomBuffer=0x128cc078, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc078) returned 1 [0097.059] SystemFunction036 (in: RandomBuffer=0x128cc088, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc088) returned 1 [0097.059] GetFileType (hFile=0x2f8) returned 0x1 [0097.059] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0097.059] ReadFile (in: hFile=0x2f8, lpBuffer=0x12b90000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a71e80, lpOverlapped=0x0 | out: lpBuffer=0x12b90000*, lpNumberOfBytesRead=0x12a71e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.059] GetFileType (hFile=0x2f8) returned 0x1 [0097.059] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0097.059] WriteFile (in: hFile=0x2f8, lpBuffer=0x12b94000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a71e78, lpOverlapped=0x0 | out: lpBuffer=0x12b94000*, lpNumberOfBytesWritten=0x12a71e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.060] GetFileType (hFile=0x2f8) returned 0x1 [0097.060] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0097.060] SystemFunction036 (in: RandomBuffer=0x1295ee01, RandomBufferLength=0x40 | out: RandomBuffer=0x1295ee01) returned 1 [0097.060] WriteFile (in: hFile=0x2f8, lpBuffer=0x12810824*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a71d88, lpOverlapped=0x0 | out: lpBuffer=0x12810824*, lpNumberOfBytesWritten=0x12a71d88*=0x4, lpOverlapped=0x0) returned 1 [0097.060] WriteFile (in: hFile=0x2f8, lpBuffer=0x1295ef00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a71d88, lpOverlapped=0x0 | out: lpBuffer=0x1295ef00*, lpNumberOfBytesWritten=0x12a71d88*=0x100, lpOverlapped=0x0) returned 1 [0097.060] CloseHandle (hObject=0x2f8) returned 1 [0097.062] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\pg2ykrb6yc7l.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\pg2ykrb6yc7l.wav.crypted"), dwFlags=0x1) returned 1 [0097.063] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\pG2YkrB6YC7l.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\pg2ykrb6yc7l.wav")) returned 0xffffffff [0097.063] VirtualFree (lpAddress=0x12c3c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.063] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\mboafofw_jcv.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12a71c44 | out: lpFileInformation=0x12a71c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x834a4940, ftCreationTime.dwHighDateTime=0x1d70336, ftLastAccessTime.dwLowDateTime=0xa7c5f610, ftLastAccessTime.dwHighDateTime=0x1d70855, ftLastWriteTime.dwLowDateTime=0xa7c5f610, ftLastWriteTime.dwHighDateTime=0x1d70855, nFileSizeHigh=0x0, nFileSizeLow=0x17d5f)) returned 1 [0097.099] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\mboafofw_jcv.mp3")) returned 0x20 [0097.099] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3", dwFileAttributes=0x20) returned 1 [0097.099] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\mboafofw_jcv.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0097.099] GetConsoleMode (in: hConsoleHandle=0x300, lpMode=0x12a71e88 | out: lpMode=0x12a71e88) returned 0 [0097.099] GetFileType (hFile=0x300) returned 0x1 [0097.099] GetFileType (hFile=0x300) returned 0x1 [0097.099] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.100] ReadFile (in: hFile=0x300, lpBuffer=0x1281082c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a71d14, lpOverlapped=0x0 | out: lpBuffer=0x1281082c*, lpNumberOfBytesRead=0x12a71d14*=0x4, lpOverlapped=0x0) returned 1 [0097.100] SystemFunction036 (in: RandomBuffer=0x128cc1b8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc1b8) returned 1 [0097.100] SystemFunction036 (in: RandomBuffer=0x128cc1c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc1c8) returned 1 [0097.100] GetFileType (hFile=0x300) returned 0x1 [0097.100] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0097.100] ReadFile (in: hFile=0x300, lpBuffer=0x12b9a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a71e80, lpOverlapped=0x0 | out: lpBuffer=0x12b9a000*, lpNumberOfBytesRead=0x12a71e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.100] GetFileType (hFile=0x300) returned 0x1 [0097.100] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0097.100] WriteFile (in: hFile=0x300, lpBuffer=0x12b9e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a71e78, lpOverlapped=0x0 | out: lpBuffer=0x12b9e000*, lpNumberOfBytesWritten=0x12a71e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.100] GetFileType (hFile=0x300) returned 0x1 [0097.100] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a71e9c | out: lpNewFilePointer=0x0) returned 1 [0097.101] SystemFunction036 (in: RandomBuffer=0x1295f101, RandomBufferLength=0x40 | out: RandomBuffer=0x1295f101) returned 1 [0097.101] WaitForMultipleObjects (nCount=0x2, lpHandles=0x334efeec*=0x1e4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.108] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efb20, ulCount=0x10, ulNumEntriesRemoved=0x334efb08, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x334efb20, ulNumEntriesRemoved=0x334efb08) returned 0 [0097.108] SetEvent (hEvent=0x13c) returned 1 [0097.108] SetEvent (hEvent=0x218) returned 1 [0097.109] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0xb60000 [0097.109] WriteFile (in: hFile=0x300, lpBuffer=0x12810888*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a71d88, lpOverlapped=0x0 | out: lpBuffer=0x12810888*, lpNumberOfBytesWritten=0x12a71d88*=0x4, lpOverlapped=0x0) returned 1 [0097.109] WriteFile (in: hFile=0x300, lpBuffer=0x1295f200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a71d88, lpOverlapped=0x0 | out: lpBuffer=0x1295f200*, lpNumberOfBytesWritten=0x12a71d88*=0x100, lpOverlapped=0x0) returned 1 [0097.109] CloseHandle (hObject=0x300) returned 1 [0097.112] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\mboafofw_jcv.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\mboafofw_jcv.mp3.crypted"), dwFlags=0x1) returned 1 [0097.113] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\mboAfofw_jCV.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\mboafofw_jcv.mp3")) returned 0xffffffff [0097.113] WaitForMultipleObjects (nCount=0x2, lpHandles=0x334efed8*=0x1e4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.126] WaitForMultipleObjects (nCount=0x2, lpHandles=0x334efed8*=0x1e4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.132] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efb28, ulCount=0x10, ulNumEntriesRemoved=0x334efb10, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x334efb28, ulNumEntriesRemoved=0x334efb10) returned 0 [0097.133] SetEvent (hEvent=0x1d0) returned 1 [0097.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x334efee4*=0x1e4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\buecdfkn.wav"), fInfoLevelId=0x0, lpFileInformation=0x12b2dc44 | out: lpFileInformation=0x12b2dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8fe89350, ftCreationTime.dwHighDateTime=0x1d6ff0d, ftLastAccessTime.dwLowDateTime=0xd046c560, ftLastAccessTime.dwHighDateTime=0x1d70058, ftLastWriteTime.dwLowDateTime=0xd046c560, ftLastWriteTime.dwHighDateTime=0x1d70058, nFileSizeHigh=0x0, nFileSizeLow=0x13b9e)) returned 1 [0097.188] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\buecdfkn.wav")) returned 0x20 [0097.189] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav", dwFileAttributes=0x20) returned 1 [0097.189] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\buecdfkn.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.189] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12b2de88 | out: lpMode=0x12b2de88) returned 0 [0097.189] GetFileType (hFile=0x2fc) returned 0x1 [0097.189] GetFileType (hFile=0x2fc) returned 0x1 [0097.189] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b2de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.189] ReadFile (in: hFile=0x2fc, lpBuffer=0x1288a004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b2dd14, lpOverlapped=0x0 | out: lpBuffer=0x1288a004*, lpNumberOfBytesRead=0x12b2dd14*=0x4, lpOverlapped=0x0) returned 1 [0097.189] SystemFunction036 (in: RandomBuffer=0x12930028, RandomBufferLength=0x10 | out: RandomBuffer=0x12930028) returned 1 [0097.189] SystemFunction036 (in: RandomBuffer=0x12930038, RandomBufferLength=0x10 | out: RandomBuffer=0x12930038) returned 1 [0097.190] GetFileType (hFile=0x2fc) returned 0x1 [0097.190] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2de9c | out: lpNewFilePointer=0x0) returned 1 [0097.190] ReadFile (in: hFile=0x2fc, lpBuffer=0x12bb6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b2de80, lpOverlapped=0x0 | out: lpBuffer=0x12bb6000*, lpNumberOfBytesRead=0x12b2de80*=0x4000, lpOverlapped=0x0) returned 1 [0097.190] GetFileType (hFile=0x2fc) returned 0x1 [0097.190] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2de9c | out: lpNewFilePointer=0x0) returned 1 [0097.190] WriteFile (in: hFile=0x2fc, lpBuffer=0x12bba000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b2de78, lpOverlapped=0x0 | out: lpBuffer=0x12bba000*, lpNumberOfBytesWritten=0x12b2de78*=0x4000, lpOverlapped=0x0) returned 1 [0097.190] GetFileType (hFile=0x2fc) returned 0x1 [0097.190] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12b2de9c | out: lpNewFilePointer=0x0) returned 1 [0097.190] ReadFile (in: hFile=0x2fc, lpBuffer=0x12bb6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b2de80, lpOverlapped=0x0 | out: lpBuffer=0x12bb6000*, lpNumberOfBytesRead=0x12b2de80*=0x4000, lpOverlapped=0x0) returned 1 [0097.191] GetFileType (hFile=0x2fc) returned 0x1 [0097.191] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12b2de9c | out: lpNewFilePointer=0x0) returned 1 [0097.191] WriteFile (in: hFile=0x2fc, lpBuffer=0x12bbe000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b2de78, lpOverlapped=0x0 | out: lpBuffer=0x12bbe000*, lpNumberOfBytesWritten=0x12b2de78*=0x4000, lpOverlapped=0x0) returned 1 [0097.191] GetFileType (hFile=0x2fc) returned 0x1 [0097.191] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2de9c | out: lpNewFilePointer=0x0) returned 1 [0097.191] SystemFunction036 (in: RandomBuffer=0x12bc6001, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc6001) returned 1 [0097.192] WriteFile (in: hFile=0x2fc, lpBuffer=0x1288a0f0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b2dd88, lpOverlapped=0x0 | out: lpBuffer=0x1288a0f0*, lpNumberOfBytesWritten=0x12b2dd88*=0x4, lpOverlapped=0x0) returned 1 [0097.192] WriteFile (in: hFile=0x2fc, lpBuffer=0x12bc6100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b2dd88, lpOverlapped=0x0 | out: lpBuffer=0x12bc6100*, lpNumberOfBytesWritten=0x12b2dd88*=0x100, lpOverlapped=0x0) returned 1 [0097.192] CloseHandle (hObject=0x2fc) returned 1 [0097.195] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\buecdfkn.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\buecdfkn.wav.crypted"), dwFlags=0x1) returned 1 [0097.196] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\bUeCDFkN.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\buecdfkn.wav")) returned 0xffffffff [0097.196] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jk6ffjo_dz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x129cfc44 | out: lpFileInformation=0x129cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51bd9f20, ftCreationTime.dwHighDateTime=0x1d7025b, ftLastAccessTime.dwLowDateTime=0x37b62460, ftLastAccessTime.dwHighDateTime=0x1d7041f, ftLastWriteTime.dwLowDateTime=0x37b62460, ftLastWriteTime.dwHighDateTime=0x1d7041f, nFileSizeHigh=0x0, nFileSizeLow=0x6b6d)) returned 1 [0097.236] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jk6ffjo_dz.mp3")) returned 0x20 [0097.236] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3", dwFileAttributes=0x20) returned 1 [0097.236] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jk6ffjo_dz.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.237] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x129cfe88 | out: lpMode=0x129cfe88) returned 0 [0097.237] GetFileType (hFile=0x2fc) returned 0x1 [0097.237] GetFileType (hFile=0x2fc) returned 0x1 [0097.237] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.237] ReadFile (in: hFile=0x2fc, lpBuffer=0x12810054, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129cfd14, lpOverlapped=0x0 | out: lpBuffer=0x12810054*, lpNumberOfBytesRead=0x129cfd14*=0x4, lpOverlapped=0x0) returned 1 [0097.237] SystemFunction036 (in: RandomBuffer=0x129a20c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a20c8) returned 1 [0097.237] SystemFunction036 (in: RandomBuffer=0x129a20d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a20d8) returned 1 [0097.237] GetFileType (hFile=0x2fc) returned 0x1 [0097.237] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.237] ReadFile (in: hFile=0x2fc, lpBuffer=0x12ada000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129cfe80, lpOverlapped=0x0 | out: lpBuffer=0x12ada000*, lpNumberOfBytesRead=0x129cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0097.237] GetFileType (hFile=0x2fc) returned 0x1 [0097.237] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.237] WriteFile (in: hFile=0x2fc, lpBuffer=0x12ae0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129cfe78, lpOverlapped=0x0 | out: lpBuffer=0x12ae0000*, lpNumberOfBytesWritten=0x129cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0097.238] GetFileType (hFile=0x2fc) returned 0x1 [0097.238] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.238] SystemFunction036 (in: RandomBuffer=0x1295e101, RandomBufferLength=0x40 | out: RandomBuffer=0x1295e101) returned 1 [0097.238] WriteFile (in: hFile=0x2fc, lpBuffer=0x128100b0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128100b0*, lpNumberOfBytesWritten=0x129cfd88*=0x4, lpOverlapped=0x0) returned 1 [0097.238] WriteFile (in: hFile=0x2fc, lpBuffer=0x1295e200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1295e200*, lpNumberOfBytesWritten=0x129cfd88*=0x100, lpOverlapped=0x0) returned 1 [0097.238] CloseHandle (hObject=0x2fc) returned 1 [0097.240] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jk6ffjo_dz.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jk6ffjo_dz.mp3.crypted"), dwFlags=0x1) returned 1 [0097.241] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\jk6FfJO_dz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jk6ffjo_dz.mp3")) returned 0xffffffff [0097.241] SetEvent (hEvent=0x2cc) returned 1 [0097.241] VirtualFree (lpAddress=0x12dfc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.242] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.316] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.325] SetEvent (hEvent=0x218) returned 1 [0097.325] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\nxpivrum.wav"), fInfoLevelId=0x0, lpFileInformation=0x129cfc44 | out: lpFileInformation=0x129cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb71160, ftCreationTime.dwHighDateTime=0x1d70795, ftLastAccessTime.dwLowDateTime=0xd7c3b460, ftLastAccessTime.dwHighDateTime=0x1d707d3, ftLastWriteTime.dwLowDateTime=0xd7c3b460, ftLastWriteTime.dwHighDateTime=0x1d707d3, nFileSizeHigh=0x0, nFileSizeLow=0x8c38)) returned 1 [0097.325] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\nxpivrum.wav")) returned 0x20 [0097.325] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav", dwFileAttributes=0x20) returned 1 [0097.326] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\nxpivrum.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0097.326] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0x129cfe88 | out: lpMode=0x129cfe88) returned 0 [0097.326] GetFileType (hFile=0x280) returned 0x1 [0097.326] GetFileType (hFile=0x280) returned 0x1 [0097.326] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.326] ReadFile (in: hFile=0x280, lpBuffer=0x1281011c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129cfd14, lpOverlapped=0x0 | out: lpBuffer=0x1281011c*, lpNumberOfBytesRead=0x129cfd14*=0x4, lpOverlapped=0x0) returned 1 [0097.326] SystemFunction036 (in: RandomBuffer=0x129a2578, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2578) returned 1 [0097.326] SystemFunction036 (in: RandomBuffer=0x129a2588, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2588) returned 1 [0097.326] GetFileType (hFile=0x280) returned 0x1 [0097.326] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.326] ReadFile (in: hFile=0x280, lpBuffer=0x12af8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129cfe80, lpOverlapped=0x0 | out: lpBuffer=0x12af8000*, lpNumberOfBytesRead=0x129cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0097.327] GetFileType (hFile=0x280) returned 0x1 [0097.327] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.327] WriteFile (in: hFile=0x280, lpBuffer=0x12afc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129cfe78, lpOverlapped=0x0 | out: lpBuffer=0x12afc000*, lpNumberOfBytesWritten=0x129cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0097.330] GetFileType (hFile=0x280) returned 0x1 [0097.330] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.330] SystemFunction036 (in: RandomBuffer=0x1295ea01, RandomBufferLength=0x40 | out: RandomBuffer=0x1295ea01) returned 1 [0097.330] WriteFile (in: hFile=0x280, lpBuffer=0x128102d8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128102d8*, lpNumberOfBytesWritten=0x129cfd88*=0x4, lpOverlapped=0x0) returned 1 [0097.330] WriteFile (in: hFile=0x280, lpBuffer=0x1295eb00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1295eb00*, lpNumberOfBytesWritten=0x129cfd88*=0x100, lpOverlapped=0x0) returned 1 [0097.330] CloseHandle (hObject=0x280) returned 1 [0097.332] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\nxpivrum.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\nxpivrum.wav.crypted"), dwFlags=0x1) returned 1 [0097.333] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\nXPIvrum.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\nxpivrum.wav")) returned 0xffffffff [0097.333] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\mk7vwoo.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7413090, ftCreationTime.dwHighDateTime=0x1d705a7, ftLastAccessTime.dwLowDateTime=0xa56d1ac0, ftLastAccessTime.dwHighDateTime=0x1d707cd, ftLastWriteTime.dwLowDateTime=0xa56d1ac0, ftLastWriteTime.dwHighDateTime=0x1d707cd, nFileSizeHigh=0x0, nFileSizeLow=0xe495)) returned 1 [0097.379] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\mk7vwoo.mp3")) returned 0x20 [0097.379] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3", dwFileAttributes=0x20) returned 1 [0097.379] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\mk7vwoo.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0097.380] GetConsoleMode (in: hConsoleHandle=0x278, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.380] GetFileType (hFile=0x278) returned 0x1 [0097.380] GetFileType (hFile=0x278) returned 0x1 [0097.380] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.380] ReadFile (in: hFile=0x278, lpBuffer=0x1298e194, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e194*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.380] SystemFunction036 (in: RandomBuffer=0x128cc7a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc7a8) returned 1 [0097.380] SystemFunction036 (in: RandomBuffer=0x128cc7b8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc7b8) returned 1 [0097.380] GetFileType (hFile=0x278) returned 0x1 [0097.380] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.380] ReadFile (in: hFile=0x278, lpBuffer=0x12b6c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b6c000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.380] GetFileType (hFile=0x278) returned 0x1 [0097.380] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.380] WriteFile (in: hFile=0x278, lpBuffer=0x12b70000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12b70000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.381] GetFileType (hFile=0x278) returned 0x1 [0097.381] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.381] ReadFile (in: hFile=0x278, lpBuffer=0x12b6c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b6c000*, lpNumberOfBytesRead=0x12915e80*=0x2495, lpOverlapped=0x0) returned 1 [0097.381] GetFileType (hFile=0x278) returned 0x1 [0097.381] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.381] WriteFile (in: hFile=0x278, lpBuffer=0x128ea000*, nNumberOfBytesToWrite=0x24a0, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x128ea000*, lpNumberOfBytesWritten=0x12915e78*=0x24a0, lpOverlapped=0x0) returned 1 [0097.381] GetFileType (hFile=0x278) returned 0x1 [0097.381] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.381] SystemFunction036 (in: RandomBuffer=0x12d9f201, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9f201) returned 1 [0097.382] WriteFile (in: hFile=0x278, lpBuffer=0x1298e1f0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e1f0*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.382] WriteFile (in: hFile=0x278, lpBuffer=0x12d9f300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9f300*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.382] CloseHandle (hObject=0x278) returned 1 [0097.384] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\mk7vwoo.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\mk7vwoo.mp3.crypted"), dwFlags=0x1) returned 1 [0097.384] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\MK7VWoo.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\mk7vwoo.mp3")) returned 0xffffffff [0097.384] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x18, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0097.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\nnjv0ap0trl8.m4a"), fInfoLevelId=0x0, lpFileInformation=0x129cfc44 | out: lpFileInformation=0x129cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95b1740, ftCreationTime.dwHighDateTime=0x1d703a9, ftLastAccessTime.dwLowDateTime=0xeb9f7e0, ftLastAccessTime.dwHighDateTime=0x1d70437, ftLastWriteTime.dwLowDateTime=0xeb9f7e0, ftLastWriteTime.dwHighDateTime=0x1d70437, nFileSizeHigh=0x0, nFileSizeLow=0x7286)) returned 1 [0097.430] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\nnjv0ap0trl8.m4a")) returned 0x20 [0097.430] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a", dwFileAttributes=0x20) returned 1 [0097.431] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\nnjv0ap0trl8.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0097.431] GetConsoleMode (in: hConsoleHandle=0x2a0, lpMode=0x129cfe88 | out: lpMode=0x129cfe88) returned 0 [0097.431] GetFileType (hFile=0x2a0) returned 0x1 [0097.431] GetFileType (hFile=0x2a0) returned 0x1 [0097.431] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.431] ReadFile (in: hFile=0x2a0, lpBuffer=0x12810344, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129cfd14, lpOverlapped=0x0 | out: lpBuffer=0x12810344*, lpNumberOfBytesRead=0x129cfd14*=0x4, lpOverlapped=0x0) returned 1 [0097.431] SystemFunction036 (in: RandomBuffer=0x129a2988, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2988) returned 1 [0097.431] SystemFunction036 (in: RandomBuffer=0x129a2998, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2998) returned 1 [0097.431] GetFileType (hFile=0x2a0) returned 0x1 [0097.431] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.431] ReadFile (in: hFile=0x2a0, lpBuffer=0x128d8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129cfe80, lpOverlapped=0x0 | out: lpBuffer=0x128d8000*, lpNumberOfBytesRead=0x129cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0097.432] GetFileType (hFile=0x2a0) returned 0x1 [0097.432] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.432] WriteFile (in: hFile=0x2a0, lpBuffer=0x128de000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129cfe78, lpOverlapped=0x0 | out: lpBuffer=0x128de000*, lpNumberOfBytesWritten=0x129cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0097.432] GetFileType (hFile=0x2a0) returned 0x1 [0097.432] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.432] SystemFunction036 (in: RandomBuffer=0x1295f901, RandomBufferLength=0x40 | out: RandomBuffer=0x1295f901) returned 1 [0097.432] WriteFile (in: hFile=0x2a0, lpBuffer=0x128103a0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128103a0*, lpNumberOfBytesWritten=0x129cfd88*=0x4, lpOverlapped=0x0) returned 1 [0097.432] WriteFile (in: hFile=0x2a0, lpBuffer=0x1295fa00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1295fa00*, lpNumberOfBytesWritten=0x129cfd88*=0x100, lpOverlapped=0x0) returned 1 [0097.433] CloseHandle (hObject=0x2a0) returned 1 [0097.434] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\nnjv0ap0trl8.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\nnjv0ap0trl8.m4a.crypted"), dwFlags=0x1) returned 1 [0097.435] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\nnjv0Ap0trl8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\nnjv0ap0trl8.m4a")) returned 0xffffffff [0097.435] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x2b, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0097.522] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x1d, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0097.576] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x31, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0097.636] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12982000*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x12a71a78, lpReserved=0x0 | out: lpBuffer=0x12982000*, lpNumberOfCharsWritten=0x12a71a78*=0x9) returned 1 [0097.653] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.731] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.749] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.752] SetEvent (hEvent=0x278) returned 1 [0097.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\rnoypwef6b-wu.gif"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecc21440, ftCreationTime.dwHighDateTime=0x1d70500, ftLastAccessTime.dwLowDateTime=0x49f1c3d0, ftLastAccessTime.dwHighDateTime=0x1d70778, ftLastWriteTime.dwLowDateTime=0x49f1c3d0, ftLastWriteTime.dwHighDateTime=0x1d70778, nFileSizeHigh=0x0, nFileSizeLow=0x150ca)) returned 1 [0097.752] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\rnoypwef6b-wu.gif")) returned 0x20 [0097.752] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif", dwFileAttributes=0x20) returned 1 [0097.752] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\rnoypwef6b-wu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.753] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0097.753] GetFileType (hFile=0x274) returned 0x1 [0097.753] GetFileType (hFile=0x274) returned 0x1 [0097.753] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.753] ReadFile (in: hFile=0x274, lpBuffer=0x1288a26c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a26c*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0097.753] SystemFunction036 (in: RandomBuffer=0x129307a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129307a8) returned 1 [0097.753] SystemFunction036 (in: RandomBuffer=0x129307b8, RandomBufferLength=0x10 | out: RandomBuffer=0x129307b8) returned 1 [0097.753] GetFileType (hFile=0x274) returned 0x1 [0097.753] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.753] ReadFile (in: hFile=0x274, lpBuffer=0x12a1a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12a1a000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.753] GetFileType (hFile=0x274) returned 0x1 [0097.753] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.754] WriteFile (in: hFile=0x274, lpBuffer=0x12a26000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12a26000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.754] GetFileType (hFile=0x274) returned 0x1 [0097.754] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.754] SystemFunction036 (in: RandomBuffer=0x12bc6e01, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc6e01) returned 1 [0097.754] WriteFile (in: hFile=0x274, lpBuffer=0x1288a2c8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a2c8*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0097.754] WriteFile (in: hFile=0x274, lpBuffer=0x12bc6f00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12bc6f00*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0097.754] CloseHandle (hObject=0x274) returned 1 [0097.757] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\rnoypwef6b-wu.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\rnoypwef6b-wu.gif.crypted"), dwFlags=0x1) returned 1 [0097.768] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\RnOyPWEf6b-wu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\rnoypwef6b-wu.gif")) returned 0xffffffff [0097.769] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.825] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.840] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.852] SetEvent (hEvent=0x260) returned 1 [0097.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\_dzrgdb6qoo id v9krz.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b39ca30, ftCreationTime.dwHighDateTime=0x1d70304, ftLastAccessTime.dwLowDateTime=0xf05bd820, ftLastAccessTime.dwHighDateTime=0x1d708b6, ftLastWriteTime.dwLowDateTime=0xf05bd820, ftLastWriteTime.dwHighDateTime=0x1d708b6, nFileSizeHigh=0x0, nFileSizeLow=0x3910)) returned 1 [0097.852] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\_dzrgdb6qoo id v9krz.jpg")) returned 0x20 [0097.852] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg", dwFileAttributes=0x20) returned 1 [0097.852] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\_dzrgdb6qoo id v9krz.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.853] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0097.853] GetFileType (hFile=0x274) returned 0x1 [0097.853] GetFileType (hFile=0x274) returned 0x1 [0097.853] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.853] ReadFile (in: hFile=0x274, lpBuffer=0x1288a2dc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a2dc*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0097.853] SystemFunction036 (in: RandomBuffer=0x129308e8, RandomBufferLength=0x10 | out: RandomBuffer=0x129308e8) returned 1 [0097.853] SystemFunction036 (in: RandomBuffer=0x129308f8, RandomBufferLength=0x10 | out: RandomBuffer=0x129308f8) returned 1 [0097.853] GetFileType (hFile=0x274) returned 0x1 [0097.853] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.853] ReadFile (in: hFile=0x274, lpBuffer=0x12a2c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12a2c000*, lpNumberOfBytesRead=0x12a51e80*=0x3910, lpOverlapped=0x0) returned 1 [0097.853] GetFileType (hFile=0x274) returned 0x1 [0097.853] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.854] WriteFile (in: hFile=0x274, lpBuffer=0x12a30000*, nNumberOfBytesToWrite=0x3910, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12a30000*, lpNumberOfBytesWritten=0x12a51e78*=0x3910, lpOverlapped=0x0) returned 1 [0097.854] GetFileType (hFile=0x274) returned 0x1 [0097.854] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.854] SystemFunction036 (in: RandomBuffer=0x12bc7101, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc7101) returned 1 [0097.854] WriteFile (in: hFile=0x274, lpBuffer=0x1288a338*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a338*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0097.854] WriteFile (in: hFile=0x274, lpBuffer=0x12bc7200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12bc7200*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0097.854] CloseHandle (hObject=0x274) returned 1 [0097.856] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\_dzrgdb6qoo id v9krz.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\_dzrgdb6qoo id v9krz.jpg.crypted"), dwFlags=0x1) returned 1 [0097.856] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\_DZRGDb6qOo Id v9KRz.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\_dzrgdb6qoo id v9krz.jpg")) returned 0xffffffff [0097.856] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0097.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gnpncczzyr4yoq7kq4.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff8dca40, ftCreationTime.dwHighDateTime=0x1d6fc1a, ftLastAccessTime.dwLowDateTime=0x57db4270, ftLastAccessTime.dwHighDateTime=0x1d70587, ftLastWriteTime.dwLowDateTime=0x57db4270, ftLastWriteTime.dwHighDateTime=0x1d70587, nFileSizeHigh=0x0, nFileSizeLow=0xabfb)) returned 1 [0097.885] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gnpncczzyr4yoq7kq4.bmp")) returned 0x20 [0097.885] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp", dwFileAttributes=0x20) returned 1 [0097.886] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gnpncczzyr4yoq7kq4.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.886] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0097.886] GetFileType (hFile=0x274) returned 0x1 [0097.886] GetFileType (hFile=0x274) returned 0x1 [0097.886] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.886] ReadFile (in: hFile=0x274, lpBuffer=0x128104fc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x128104fc*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0097.886] SystemFunction036 (in: RandomBuffer=0x129a33d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a33d8) returned 1 [0097.886] SystemFunction036 (in: RandomBuffer=0x129a33e8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a33e8) returned 1 [0097.886] GetFileType (hFile=0x274) returned 0x1 [0097.886] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.886] ReadFile (in: hFile=0x274, lpBuffer=0x129c6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x129c6000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.887] GetFileType (hFile=0x274) returned 0x1 [0097.887] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.887] WriteFile (in: hFile=0x274, lpBuffer=0x129ca000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x129ca000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.887] GetFileType (hFile=0x274) returned 0x1 [0097.887] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.887] SystemFunction036 (in: RandomBuffer=0x1299a501, RandomBufferLength=0x40 | out: RandomBuffer=0x1299a501) returned 1 [0097.887] WriteFile (in: hFile=0x274, lpBuffer=0x12810558*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810558*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0097.887] WriteFile (in: hFile=0x274, lpBuffer=0x1299a600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299a600*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0097.887] CloseHandle (hObject=0x274) returned 1 [0097.892] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gnpncczzyr4yoq7kq4.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gnpncczzyr4yoq7kq4.bmp.crypted"), dwFlags=0x1) returned 1 [0097.893] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gNpnccZzyR4yOQ7Kq4.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gnpncczzyr4yoq7kq4.bmp")) returned 0xffffffff [0097.893] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x1c, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0097.970] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x23, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0098.116] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x12, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0098.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\n5a2amtzcp5kxq23 mp.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3887a00, ftCreationTime.dwHighDateTime=0x1d6ff0c, ftLastAccessTime.dwLowDateTime=0x4b69a1d0, ftLastAccessTime.dwHighDateTime=0x1d708ac, ftLastWriteTime.dwLowDateTime=0x4b69a1d0, ftLastWriteTime.dwHighDateTime=0x1d708ac, nFileSizeHigh=0x0, nFileSizeLow=0x7684)) returned 1 [0098.195] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\n5a2amtzcp5kxq23 mp.jpg")) returned 0x20 [0098.195] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg", dwFileAttributes=0x20) returned 1 [0098.196] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\n5a2amtzcp5kxq23 mp.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0098.196] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0098.196] GetFileType (hFile=0x274) returned 0x1 [0098.196] GetFileType (hFile=0x274) returned 0x1 [0098.196] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0098.196] ReadFile (in: hFile=0x274, lpBuffer=0x12900680, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900680*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0098.196] SystemFunction036 (in: RandomBuffer=0x12817c48, RandomBufferLength=0x10 | out: RandomBuffer=0x12817c48) returned 1 [0098.196] SystemFunction036 (in: RandomBuffer=0x12817c58, RandomBufferLength=0x10 | out: RandomBuffer=0x12817c58) returned 1 [0098.196] GetFileType (hFile=0x274) returned 0x1 [0098.196] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0098.196] ReadFile (in: hFile=0x274, lpBuffer=0x12aa8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12aa8000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0098.197] GetFileType (hFile=0x274) returned 0x1 [0098.197] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0098.197] WriteFile (in: hFile=0x274, lpBuffer=0x12aac000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12aac000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0098.197] GetFileType (hFile=0x274) returned 0x1 [0098.197] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0098.197] SystemFunction036 (in: RandomBuffer=0x1286a401, RandomBufferLength=0x40 | out: RandomBuffer=0x1286a401) returned 1 [0098.198] WriteFile (in: hFile=0x274, lpBuffer=0x129006dc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x129006dc*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0098.198] WriteFile (in: hFile=0x274, lpBuffer=0x1286a500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x1286a500*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0098.198] CloseHandle (hObject=0x274) returned 1 [0098.200] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\n5a2amtzcp5kxq23 mp.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\n5a2amtzcp5kxq23 mp.jpg.crypted"), dwFlags=0x1) returned 1 [0098.201] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\n5A2AmtZcP5kxq23 MP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\n5a2amtzcp5kxq23 mp.jpg")) returned 0xffffffff [0098.201] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x18, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0098.314] VirtualFree (lpAddress=0x12dde000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.314] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa24, ulCount=0x10, ulNumEntriesRemoved=0x334efa0c, dwMilliseconds=0x31, fAlertable=0 | out: lpCompletionPortEntries=0x334efa24, ulNumEntriesRemoved=0x334efa0c) returned 0 [0098.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wbh2qh6mqyuf9.png"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x985a60c0, ftCreationTime.dwHighDateTime=0x1d70a45, ftLastAccessTime.dwLowDateTime=0x350ff960, ftLastAccessTime.dwHighDateTime=0x1d70a5b, ftLastWriteTime.dwLowDateTime=0x350ff960, ftLastWriteTime.dwHighDateTime=0x1d70a5b, nFileSizeHigh=0x0, nFileSizeLow=0x11d30)) returned 1 [0098.991] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wbh2qh6mqyuf9.png")) returned 0x20 [0098.991] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png", dwFileAttributes=0x20) returned 1 [0098.992] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wbh2qh6mqyuf9.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0098.993] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0098.993] GetFileType (hFile=0x274) returned 0x1 [0098.993] GetFileType (hFile=0x274) returned 0x1 [0098.993] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0098.993] ReadFile (in: hFile=0x274, lpBuffer=0x1288a490, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a490*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0098.993] SystemFunction036 (in: RandomBuffer=0x12930de8, RandomBufferLength=0x10 | out: RandomBuffer=0x12930de8) returned 1 [0098.993] SystemFunction036 (in: RandomBuffer=0x12930df8, RandomBufferLength=0x10 | out: RandomBuffer=0x12930df8) returned 1 [0098.993] GetFileType (hFile=0x274) returned 0x1 [0098.993] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.993] ReadFile (in: hFile=0x274, lpBuffer=0x12ab8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12ab8000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0098.993] GetFileType (hFile=0x274) returned 0x1 [0098.994] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.994] WriteFile (in: hFile=0x274, lpBuffer=0x12abc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12abc000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0098.994] GetFileType (hFile=0x274) returned 0x1 [0098.994] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.994] SystemFunction036 (in: RandomBuffer=0x12bc7f01, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc7f01) returned 1 [0098.994] WriteFile (in: hFile=0x274, lpBuffer=0x1288a4ec*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a4ec*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0098.994] WriteFile (in: hFile=0x274, lpBuffer=0x12ac2000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12ac2000*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0098.995] CloseHandle (hObject=0x274) returned 1 [0098.997] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wbh2qh6mqyuf9.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wbh2qh6mqyuf9.png.crypted"), dwFlags=0x1) returned 1 [0099.002] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\wbH2qH6mqYuF9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wbh2qh6mqyuf9.png")) returned 0xffffffff [0099.002] SetEvent (hEvent=0x1a4) returned 1 [0099.002] VirtualFree (lpAddress=0x12ddc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.003] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa24, ulCount=0x10, ulNumEntriesRemoved=0x334efa0c, dwMilliseconds=0x20, fAlertable=0 | out: lpCompletionPortEntries=0x334efa24, ulNumEntriesRemoved=0x334efa0c) returned 0 [0099.043] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1290e000*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x12a71a78, lpReserved=0x0 | out: lpBuffer=0x1290e000*, lpNumberOfCharsWritten=0x12a71a78*=0x9) returned 1 [0099.068] SetEvent (hEvent=0x1d0) returned 1 [0099.068] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6e00*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6e00*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0099.078] SetEvent (hEvent=0x1d0) returned 1 [0099.081] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x4377acca, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4377acca, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4377acca, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0099.081] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12883580*, nNumberOfCharsToWrite=0x3f, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12883580*, lpNumberOfCharsWritten=0x12831848*=0x3f) returned 1 [0099.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x20c)) returned 1 [0099.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.118] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x274 [0099.118] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0099.118] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0099.118] CloseHandle (hObject=0x274) returned 1 [0099.118] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1291fd80*, nNumberOfCharsToWrite=0x1f, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x1291fd80*, lpNumberOfCharsWritten=0x128318b0*=0x1f) returned 1 [0099.136] SetEvent (hEvent=0x260) returned 1 [0099.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Start Menu" (normalized: "c:\\users\\rdhj0cnfevzx\\start menu"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.136] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Start Menu" (normalized: "c:\\users\\rdhj0cnfevzx\\start menu"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x274 [0099.136] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0099.136] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0099.136] CloseHandle (hObject=0x274) returned 1 [0099.136] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128cd310*, nNumberOfCharsToWrite=0x23, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x128cd310*, lpNumberOfCharsWritten=0x128318b0*=0x23) returned 1 [0099.184] SetEvent (hEvent=0x260) returned 1 [0099.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Templates" (normalized: "c:\\users\\rdhj0cnfevzx\\templates"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.184] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Templates" (normalized: "c:\\users\\rdhj0cnfevzx\\templates"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x274 [0099.184] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12831b40 | out: lpFileInformation=0x12831b40) returned 1 [0099.184] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12831b38, dwBufferSize=0x8 | out: lpFileInformation=0x12831b38) returned 1 [0099.184] CloseHandle (hObject=0x274) returned 1 [0099.185] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12817db0*, nNumberOfCharsToWrite=0x22, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x12817db0*, lpNumberOfCharsWritten=0x128318b0*=0x22) returned 1 [0099.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\videos"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5259a10e, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5259a10e, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0099.215] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\videos"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.215] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5259a10e, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5259a10e, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5259a10e, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x5259a10e, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85174ba0, ftCreationTime.dwHighDateTime=0x1d70819, ftLastAccessTime.dwLowDateTime=0x52b74110, ftLastAccessTime.dwHighDateTime=0x1d708a0, ftLastWriteTime.dwLowDateTime=0x52b74110, ftLastWriteTime.dwHighDateTime=0x1d708a0, nFileSizeHigh=0x0, nFileSizeLow=0x49a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="27aUy Ao90492vIE.flv", cAlternateFileName="27AUYA~1.FLV")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda077ed0, ftCreationTime.dwHighDateTime=0x1d7042e, ftLastAccessTime.dwLowDateTime=0x78bf9aa0, ftLastAccessTime.dwHighDateTime=0x1d708d8, ftLastWriteTime.dwLowDateTime=0x78bf9aa0, ftLastWriteTime.dwHighDateTime=0x1d708d8, nFileSizeHigh=0x0, nFileSizeLow=0x11dcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="4bqpns7UkgBUaTR.mp4", cAlternateFileName="4BQPNS~1.MP4")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73771690, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x6db84920, ftLastAccessTime.dwHighDateTime=0x1d70970, ftLastWriteTime.dwLowDateTime=0x6db84920, ftLastWriteTime.dwHighDateTime=0x1d70970, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bo6xMhJa7YQNZtA07", cAlternateFileName="BO6XMH~1")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefc05e70, ftCreationTime.dwHighDateTime=0x1d70624, ftLastAccessTime.dwLowDateTime=0x9bee8940, ftLastAccessTime.dwHighDateTime=0x1d706fe, ftLastWriteTime.dwLowDateTime=0x9bee8940, ftLastWriteTime.dwHighDateTime=0x1d706fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="H9Eu0o86x", cAlternateFileName="H9EU0O~1")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa364b620, ftCreationTime.dwHighDateTime=0x1d6fd91, ftLastAccessTime.dwLowDateTime=0x692ba780, ftLastAccessTime.dwHighDateTime=0x1d700dd, ftLastWriteTime.dwLowDateTime=0x692ba780, ftLastWriteTime.dwHighDateTime=0x1d700dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="p8tW", cAlternateFileName="")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e518c80, ftCreationTime.dwHighDateTime=0x1d7018d, ftLastAccessTime.dwLowDateTime=0x2b601b0, ftLastAccessTime.dwHighDateTime=0x1d701c0, ftLastWriteTime.dwLowDateTime=0x2b601b0, ftLastWriteTime.dwHighDateTime=0x1d701c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="R9kOXEGtjBQG4RnNd", cAlternateFileName="R9KOXE~1")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6b6400, ftCreationTime.dwHighDateTime=0x1d6fbe1, ftLastAccessTime.dwLowDateTime=0x9993e690, ftLastAccessTime.dwHighDateTime=0x1d6fede, ftLastWriteTime.dwLowDateTime=0x9993e690, ftLastWriteTime.dwHighDateTime=0x1d6fede, nFileSizeHigh=0x0, nFileSizeLow=0x1311b, dwReserved0=0x0, dwReserved1=0x0, cFileName="umJF5l KUU0k.flv", cAlternateFileName="UMJF5L~1.FLV")) returned 1 [0099.215] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.215] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.216] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.216] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.217] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0099.217] GetFileType (hFile=0x274) returned 0x1 [0099.217] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0099.219] CloseHandle (hObject=0x274) returned 1 [0099.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\27aUy Ao90492vIE.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\27auy ao90492vie.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85174ba0, ftCreationTime.dwHighDateTime=0x1d70819, ftLastAccessTime.dwLowDateTime=0x52b74110, ftLastAccessTime.dwHighDateTime=0x1d708a0, ftLastWriteTime.dwLowDateTime=0x52b74110, ftLastWriteTime.dwHighDateTime=0x1d708a0, nFileSizeHigh=0x0, nFileSizeLow=0x49a5)) returned 1 [0099.220] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a5ee70*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12a5ee70*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0099.270] SetEvent (hEvent=0x278) returned 1 [0099.270] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\4bqpns7ukgbuatr.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda077ed0, ftCreationTime.dwHighDateTime=0x1d7042e, ftLastAccessTime.dwLowDateTime=0x78bf9aa0, ftLastAccessTime.dwHighDateTime=0x1d708d8, ftLastWriteTime.dwLowDateTime=0x78bf9aa0, ftLastWriteTime.dwHighDateTime=0x1d708d8, nFileSizeHigh=0x0, nFileSizeLow=0x11dcc)) returned 1 [0099.270] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a5ef50*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12a5ef50*, lpNumberOfCharsWritten=0x12831848*=0x37) returned 1 [0099.295] SetEvent (hEvent=0x278) returned 1 [0099.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73771690, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x6db84920, ftLastAccessTime.dwHighDateTime=0x1d70970, ftLastWriteTime.dwLowDateTime=0x6db84920, ftLastWriteTime.dwHighDateTime=0x1d70970, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0099.295] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.295] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73771690, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x6db84920, ftLastAccessTime.dwHighDateTime=0x1d70970, ftLastWriteTime.dwLowDateTime=0x6db84920, ftLastWriteTime.dwHighDateTime=0x1d70970, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x73771690, ftCreationTime.dwHighDateTime=0x1d7095a, ftLastAccessTime.dwLowDateTime=0x6db84920, ftLastAccessTime.dwHighDateTime=0x1d70970, ftLastWriteTime.dwLowDateTime=0x6db84920, ftLastWriteTime.dwHighDateTime=0x1d70970, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdd3e480, ftCreationTime.dwHighDateTime=0x1d709b7, ftLastAccessTime.dwLowDateTime=0xbc36f560, ftLastAccessTime.dwHighDateTime=0x1d709e8, ftLastWriteTime.dwLowDateTime=0xbc36f560, ftLastWriteTime.dwHighDateTime=0x1d709e8, nFileSizeHigh=0x0, nFileSizeLow=0xaf8c, dwReserved0=0x0, dwReserved1=0x0, cFileName="-PtDE674Kqh5Lvu.mp4", cAlternateFileName="-PTDE6~1.MP4")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d6ac6c0, ftCreationTime.dwHighDateTime=0x1d6fabb, ftLastAccessTime.dwLowDateTime=0x228901a0, ftLastAccessTime.dwHighDateTime=0x1d6fd55, ftLastWriteTime.dwLowDateTime=0x228901a0, ftLastWriteTime.dwHighDateTime=0x1d6fd55, nFileSizeHigh=0x0, nFileSizeLow=0x25e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="95qIU6V2taby9rkE-7B.mkv", cAlternateFileName="95QIU6~1.MKV")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fc45690, ftCreationTime.dwHighDateTime=0x1d70423, ftLastAccessTime.dwLowDateTime=0xb8f76f00, ftLastAccessTime.dwHighDateTime=0x1d705fc, ftLastWriteTime.dwLowDateTime=0xb8f76f00, ftLastWriteTime.dwHighDateTime=0x1d705fc, nFileSizeHigh=0x0, nFileSizeLow=0x2e91, dwReserved0=0x0, dwReserved1=0x0, cFileName="cX6yGT.mkv", cAlternateFileName="")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4f1cff0, ftCreationTime.dwHighDateTime=0x1d6fab1, ftLastAccessTime.dwLowDateTime=0x8c335090, ftLastAccessTime.dwHighDateTime=0x1d7034c, ftLastWriteTime.dwLowDateTime=0x8c335090, ftLastWriteTime.dwHighDateTime=0x1d7034c, nFileSizeHigh=0x0, nFileSizeLow=0x2c2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="HZCrml MO689itQovwz.flv", cAlternateFileName="HZCRML~1.FLV")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe323160, ftCreationTime.dwHighDateTime=0x1d70680, ftLastAccessTime.dwLowDateTime=0x2c8c9d00, ftLastAccessTime.dwHighDateTime=0x1d70869, ftLastWriteTime.dwLowDateTime=0x2c8c9d00, ftLastWriteTime.dwHighDateTime=0x1d70869, nFileSizeHigh=0x0, nFileSizeLow=0xad89, dwReserved0=0x0, dwReserved1=0x0, cFileName="N3AG.avi", cAlternateFileName="")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7678edc0, ftCreationTime.dwHighDateTime=0x1d70a7f, ftLastAccessTime.dwLowDateTime=0x8e4b1a90, ftLastAccessTime.dwHighDateTime=0x1d70a7f, ftLastWriteTime.dwLowDateTime=0x8e4b1a90, ftLastWriteTime.dwHighDateTime=0x1d70a7f, nFileSizeHigh=0x0, nFileSizeLow=0x10878, dwReserved0=0x0, dwReserved1=0x0, cFileName="yppx1B7j.flv", cAlternateFileName="")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506f72e0, ftCreationTime.dwHighDateTime=0x1d6ffab, ftLastAccessTime.dwLowDateTime=0xe4cf7cc0, ftLastAccessTime.dwHighDateTime=0x1d703eb, ftLastWriteTime.dwLowDateTime=0xe4cf7cc0, ftLastWriteTime.dwHighDateTime=0x1d703eb, nFileSizeHigh=0x0, nFileSizeLow=0x5299, dwReserved0=0x0, dwReserved1=0x0, cFileName="zDAfxOHlO1SRg.avi", cAlternateFileName="ZDAFXO~1.AVI")) returned 1 [0099.295] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.295] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.296] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.296] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.296] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0099.296] GetFileType (hFile=0x274) returned 0x1 [0099.296] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0099.297] CloseHandle (hObject=0x274) returned 1 [0099.297] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\-ptde674kqh5lvu.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdd3e480, ftCreationTime.dwHighDateTime=0x1d709b7, ftLastAccessTime.dwLowDateTime=0xbc36f560, ftLastAccessTime.dwHighDateTime=0x1d709e8, ftLastWriteTime.dwLowDateTime=0xbc36f560, ftLastWriteTime.dwHighDateTime=0x1d709e8, nFileSizeHigh=0x0, nFileSizeLow=0xaf8c)) returned 1 [0099.297] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4a00*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a4a00*, lpNumberOfCharsWritten=0x128317e0*=0x49) returned 1 [0099.318] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\95qIU6V2taby9rkE-7B.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\95qiu6v2taby9rke-7b.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d6ac6c0, ftCreationTime.dwHighDateTime=0x1d6fabb, ftLastAccessTime.dwLowDateTime=0x228901a0, ftLastAccessTime.dwHighDateTime=0x1d6fd55, ftLastWriteTime.dwLowDateTime=0x228901a0, ftLastWriteTime.dwHighDateTime=0x1d6fd55, nFileSizeHigh=0x0, nFileSizeLow=0x25e4)) returned 1 [0099.318] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4aa0*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a4aa0*, lpNumberOfCharsWritten=0x128317e0*=0x4c) returned 1 [0099.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\HZCrml MO689itQovwz.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\hzcrml mo689itqovwz.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4f1cff0, ftCreationTime.dwHighDateTime=0x1d6fab1, ftLastAccessTime.dwLowDateTime=0x8c335090, ftLastAccessTime.dwHighDateTime=0x1d7034c, ftLastWriteTime.dwLowDateTime=0x8c335090, ftLastWriteTime.dwHighDateTime=0x1d7034c, nFileSizeHigh=0x0, nFileSizeLow=0x2c2a)) returned 1 [0099.339] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4b40*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a4b40*, lpNumberOfCharsWritten=0x128317e0*=0x4d) returned 1 [0099.377] SetEvent (hEvent=0x1d0) returned 1 [0099.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\N3AG.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\n3ag.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe323160, ftCreationTime.dwHighDateTime=0x1d70680, ftLastAccessTime.dwLowDateTime=0x2c8c9d00, ftLastAccessTime.dwHighDateTime=0x1d70869, ftLastWriteTime.dwLowDateTime=0x2c8c9d00, ftLastWriteTime.dwHighDateTime=0x1d70869, nFileSizeHigh=0x0, nFileSizeLow=0xad89)) returned 1 [0099.377] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129acd00*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129acd00*, lpNumberOfCharsWritten=0x128317e0*=0x3e) returned 1 [0099.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\cx6ygt.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fc45690, ftCreationTime.dwHighDateTime=0x1d70423, ftLastAccessTime.dwLowDateTime=0xb8f76f00, ftLastAccessTime.dwHighDateTime=0x1d705fc, ftLastWriteTime.dwLowDateTime=0xb8f76f00, ftLastWriteTime.dwHighDateTime=0x1d705fc, nFileSizeHigh=0x0, nFileSizeLow=0x2e91)) returned 1 [0099.396] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ace80*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129ace80*, lpNumberOfCharsWritten=0x128317e0*=0x40) returned 1 [0099.414] SetEvent (hEvent=0x260) returned 1 [0099.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\yppx1b7j.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7678edc0, ftCreationTime.dwHighDateTime=0x1d70a7f, ftLastAccessTime.dwLowDateTime=0x8e4b1a90, ftLastAccessTime.dwHighDateTime=0x1d70a7f, ftLastWriteTime.dwLowDateTime=0x8e4b1a90, ftLastWriteTime.dwHighDateTime=0x1d70a7f, nFileSizeHigh=0x0, nFileSizeLow=0x10878)) returned 1 [0099.414] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292ea20*, nNumberOfCharsToWrite=0x42, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1292ea20*, lpNumberOfCharsWritten=0x128317e0*=0x42) returned 1 [0099.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\zDAfxOHlO1SRg.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\zdafxohlo1srg.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506f72e0, ftCreationTime.dwHighDateTime=0x1d6ffab, ftLastAccessTime.dwLowDateTime=0xe4cf7cc0, ftLastAccessTime.dwHighDateTime=0x1d703eb, ftLastWriteTime.dwLowDateTime=0xe4cf7cc0, ftLastWriteTime.dwHighDateTime=0x1d703eb, nFileSizeHigh=0x0, nFileSizeLow=0x5299)) returned 1 [0099.429] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292eb40*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1292eb40*, lpNumberOfCharsWritten=0x128317e0*=0x47) returned 1 [0099.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefc05e70, ftCreationTime.dwHighDateTime=0x1d70624, ftLastAccessTime.dwLowDateTime=0x9bee8940, ftLastAccessTime.dwHighDateTime=0x1d706fe, ftLastWriteTime.dwLowDateTime=0x9bee8940, ftLastWriteTime.dwHighDateTime=0x1d706fe, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0099.469] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.470] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefc05e70, ftCreationTime.dwHighDateTime=0x1d70624, ftLastAccessTime.dwLowDateTime=0x9bee8940, ftLastAccessTime.dwHighDateTime=0x1d706fe, ftLastWriteTime.dwLowDateTime=0x9bee8940, ftLastWriteTime.dwHighDateTime=0x1d706fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.470] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xefc05e70, ftCreationTime.dwHighDateTime=0x1d70624, ftLastAccessTime.dwLowDateTime=0x9bee8940, ftLastAccessTime.dwHighDateTime=0x1d706fe, ftLastWriteTime.dwLowDateTime=0x9bee8940, ftLastWriteTime.dwHighDateTime=0x1d706fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.470] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x417108c0, ftCreationTime.dwHighDateTime=0x1d6fd31, ftLastAccessTime.dwLowDateTime=0x4e784520, ftLastAccessTime.dwHighDateTime=0x1d7091f, ftLastWriteTime.dwLowDateTime=0x4e784520, ftLastWriteTime.dwHighDateTime=0x1d7091f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="99IeKDH3aKF", cAlternateFileName="99IEKD~1")) returned 1 [0099.470] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb9fdf0, ftCreationTime.dwHighDateTime=0x1d709e7, ftLastAccessTime.dwLowDateTime=0x4dfff2e0, ftLastAccessTime.dwHighDateTime=0x1d70a06, ftLastWriteTime.dwLowDateTime=0x4dfff2e0, ftLastWriteTime.dwHighDateTime=0x1d70a06, nFileSizeHigh=0x0, nFileSizeLow=0x17c4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="g0lJSnouVtC.avi", cAlternateFileName="G0LJSN~1.AVI")) returned 1 [0099.470] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b838d80, ftCreationTime.dwHighDateTime=0x1d7038b, ftLastAccessTime.dwLowDateTime=0xfa5e06d0, ftLastAccessTime.dwHighDateTime=0x1d709ac, ftLastWriteTime.dwLowDateTime=0xfa5e06d0, ftLastWriteTime.dwHighDateTime=0x1d709ac, nFileSizeHigh=0x0, nFileSizeLow=0x5512, dwReserved0=0x0, dwReserved1=0x0, cFileName="lmoin.mkv", cAlternateFileName="")) returned 1 [0099.470] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0c20bb0, ftCreationTime.dwHighDateTime=0x1d70764, ftLastAccessTime.dwLowDateTime=0x1999f590, ftLastAccessTime.dwHighDateTime=0x1d70921, ftLastWriteTime.dwLowDateTime=0x1999f590, ftLastWriteTime.dwHighDateTime=0x1d70921, nFileSizeHigh=0x0, nFileSizeLow=0xf896, dwReserved0=0x0, dwReserved1=0x0, cFileName="nU1mCOq-5XZ.mkv", cAlternateFileName="NU1MCO~1.MKV")) returned 1 [0099.470] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.470] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.470] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.470] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.470] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.471] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0099.471] GetFileType (hFile=0x274) returned 0x1 [0099.471] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0099.471] CloseHandle (hObject=0x274) returned 1 [0099.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x417108c0, ftCreationTime.dwHighDateTime=0x1d6fd31, ftLastAccessTime.dwLowDateTime=0x4e784520, ftLastAccessTime.dwHighDateTime=0x1d7091f, ftLastWriteTime.dwLowDateTime=0x4e784520, ftLastWriteTime.dwHighDateTime=0x1d7091f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0099.472] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.472] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x417108c0, ftCreationTime.dwHighDateTime=0x1d6fd31, ftLastAccessTime.dwLowDateTime=0x4e784520, ftLastAccessTime.dwHighDateTime=0x1d7091f, ftLastWriteTime.dwLowDateTime=0x4e784520, ftLastWriteTime.dwHighDateTime=0x1d7091f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.472] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x417108c0, ftCreationTime.dwHighDateTime=0x1d6fd31, ftLastAccessTime.dwLowDateTime=0x4e784520, ftLastAccessTime.dwHighDateTime=0x1d7091f, ftLastWriteTime.dwLowDateTime=0x4e784520, ftLastWriteTime.dwHighDateTime=0x1d7091f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.472] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde093dd0, ftCreationTime.dwHighDateTime=0x1d70798, ftLastAccessTime.dwLowDateTime=0xa46737e0, ftLastAccessTime.dwHighDateTime=0x1d7089b, ftLastWriteTime.dwLowDateTime=0xa46737e0, ftLastWriteTime.dwHighDateTime=0x1d7089b, nFileSizeHigh=0x0, nFileSizeLow=0x8973, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Mz6kQ.mp4", cAlternateFileName="")) returned 1 [0099.472] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9d16f80, ftCreationTime.dwHighDateTime=0x1d6fd56, ftLastAccessTime.dwLowDateTime=0x68dd5b80, ftLastAccessTime.dwHighDateTime=0x1d707a3, ftLastWriteTime.dwLowDateTime=0x68dd5b80, ftLastWriteTime.dwHighDateTime=0x1d707a3, nFileSizeHigh=0x0, nFileSizeLow=0x69de, dwReserved0=0x0, dwReserved1=0x0, cFileName="4coWhXgRWgb.avi", cAlternateFileName="4COWHX~1.AVI")) returned 1 [0099.472] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fb237b0, ftCreationTime.dwHighDateTime=0x1d7042f, ftLastAccessTime.dwLowDateTime=0x27fa7e80, ftLastAccessTime.dwHighDateTime=0x1d709d9, ftLastWriteTime.dwLowDateTime=0x27fa7e80, ftLastWriteTime.dwHighDateTime=0x1d709d9, nFileSizeHigh=0x0, nFileSizeLow=0xb4d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="bFLtcXnRCEnIr3Q5Ohk.swf", cAlternateFileName="BFLTCX~1.SWF")) returned 1 [0099.472] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd4f2a30, ftCreationTime.dwHighDateTime=0x1d701d3, ftLastAccessTime.dwLowDateTime=0xb6e07a00, ftLastAccessTime.dwHighDateTime=0x1d701d7, ftLastWriteTime.dwLowDateTime=0xb6e07a00, ftLastWriteTime.dwHighDateTime=0x1d701d7, nFileSizeHigh=0x0, nFileSizeLow=0xde8, dwReserved0=0x0, dwReserved1=0x0, cFileName="e8RxABnO.swf", cAlternateFileName="")) returned 1 [0099.472] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28a27e00, ftCreationTime.dwHighDateTime=0x1d6ff07, ftLastAccessTime.dwLowDateTime=0x541a18d0, ftLastAccessTime.dwHighDateTime=0x1d70273, ftLastWriteTime.dwLowDateTime=0x541a18d0, ftLastWriteTime.dwHighDateTime=0x1d70273, nFileSizeHigh=0x0, nFileSizeLow=0x78f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="sWGYoz.swf", cAlternateFileName="")) returned 1 [0099.472] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.472] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.473] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.473] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.473] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0099.473] GetFileType (hFile=0x274) returned 0x1 [0099.473] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0099.474] CloseHandle (hObject=0x274) returned 1 [0099.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\3mz6kq.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde093dd0, ftCreationTime.dwHighDateTime=0x1d70798, ftLastAccessTime.dwLowDateTime=0xa46737e0, ftLastAccessTime.dwHighDateTime=0x1d7089b, ftLastWriteTime.dwLowDateTime=0xa46737e0, ftLastWriteTime.dwHighDateTime=0x1d7089b, nFileSizeHigh=0x0, nFileSizeLow=0x8973)) returned 1 [0099.475] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292ecf0*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x1292ecf0*, lpNumberOfCharsWritten=0x12831778*=0x44) returned 1 [0099.494] SetEvent (hEvent=0x1d0) returned 1 [0099.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\4coWhXgRWgb.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\4cowhxgrwgb.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9d16f80, ftCreationTime.dwHighDateTime=0x1d6fd56, ftLastAccessTime.dwLowDateTime=0x68dd5b80, ftLastAccessTime.dwHighDateTime=0x1d707a3, ftLastWriteTime.dwLowDateTime=0x68dd5b80, ftLastWriteTime.dwHighDateTime=0x1d707a3, nFileSizeHigh=0x0, nFileSizeLow=0x69de)) returned 1 [0099.494] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1286c780*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x1286c780*, lpNumberOfCharsWritten=0x12831778*=0x49) returned 1 [0099.510] SetEvent (hEvent=0x1d0) returned 1 [0099.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\bfltcxnrcenir3q5ohk.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fb237b0, ftCreationTime.dwHighDateTime=0x1d7042f, ftLastAccessTime.dwLowDateTime=0x27fa7e80, ftLastAccessTime.dwHighDateTime=0x1d709d9, ftLastWriteTime.dwLowDateTime=0x27fa7e80, ftLastWriteTime.dwHighDateTime=0x1d709d9, nFileSizeHigh=0x0, nFileSizeLow=0xb4d3)) returned 1 [0099.511] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c698c0*, nNumberOfCharsToWrite=0x51, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12c698c0*, lpNumberOfCharsWritten=0x12831778*=0x51) returned 1 [0099.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\e8RxABnO.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\e8rxabno.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd4f2a30, ftCreationTime.dwHighDateTime=0x1d701d3, ftLastAccessTime.dwLowDateTime=0xb6e07a00, ftLastAccessTime.dwHighDateTime=0x1d701d7, ftLastWriteTime.dwLowDateTime=0xb6e07a00, ftLastWriteTime.dwHighDateTime=0x1d701d7, nFileSizeHigh=0x0, nFileSizeLow=0xde8)) returned 1 [0099.526] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d6fc0*, nNumberOfCharsToWrite=0x45, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d6fc0*, lpNumberOfCharsWritten=0x12831778*=0x45) returned 1 [0099.550] SetEvent (hEvent=0x260) returned 1 [0099.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\swgyoz.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28a27e00, ftCreationTime.dwHighDateTime=0x1d6ff07, ftLastAccessTime.dwLowDateTime=0x541a18d0, ftLastAccessTime.dwHighDateTime=0x1d70273, ftLastWriteTime.dwLowDateTime=0x541a18d0, ftLastWriteTime.dwHighDateTime=0x1d70273, nFileSizeHigh=0x0, nFileSizeLow=0x78f3)) returned 1 [0099.550] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d7050*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d7050*, lpNumberOfCharsWritten=0x12831778*=0x44) returned 1 [0099.573] SetEvent (hEvent=0x260) returned 1 [0099.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\g0lJSnouVtC.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\g0ljsnouvtc.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb9fdf0, ftCreationTime.dwHighDateTime=0x1d709e7, ftLastAccessTime.dwLowDateTime=0x4dfff2e0, ftLastAccessTime.dwHighDateTime=0x1d70a06, ftLastWriteTime.dwLowDateTime=0x4dfff2e0, ftLastWriteTime.dwHighDateTime=0x1d70a06, nFileSizeHigh=0x0, nFileSizeLow=0x17c4d)) returned 1 [0099.573] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12801a80*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12801a80*, lpNumberOfCharsWritten=0x128317e0*=0x3d) returned 1 [0099.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\lmoin.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b838d80, ftCreationTime.dwHighDateTime=0x1d7038b, ftLastAccessTime.dwLowDateTime=0xfa5e06d0, ftLastAccessTime.dwHighDateTime=0x1d709ac, ftLastWriteTime.dwLowDateTime=0xfa5e06d0, ftLastWriteTime.dwHighDateTime=0x1d709ac, nFileSizeHigh=0x0, nFileSizeLow=0x5512)) returned 1 [0099.620] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12a5f260*, nNumberOfCharsToWrite=0x37, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12a5f260*, lpNumberOfCharsWritten=0x128317e0*=0x37) returned 1 [0099.658] SetEvent (hEvent=0x26c) returned 1 [0099.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\nu1mcoq-5xz.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0c20bb0, ftCreationTime.dwHighDateTime=0x1d70764, ftLastAccessTime.dwLowDateTime=0x1999f590, ftLastAccessTime.dwHighDateTime=0x1d70921, ftLastWriteTime.dwLowDateTime=0x1999f590, ftLastWriteTime.dwHighDateTime=0x1d70921, nFileSizeHigh=0x0, nFileSizeLow=0xf896)) returned 1 [0099.658] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ad600*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129ad600*, lpNumberOfCharsWritten=0x128317e0*=0x3d) returned 1 [0099.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e518c80, ftCreationTime.dwHighDateTime=0x1d7018d, ftLastAccessTime.dwLowDateTime=0x2b601b0, ftLastAccessTime.dwHighDateTime=0x1d701c0, ftLastWriteTime.dwLowDateTime=0x2b601b0, ftLastWriteTime.dwHighDateTime=0x1d701c0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0099.678] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.678] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e518c80, ftCreationTime.dwHighDateTime=0x1d7018d, ftLastAccessTime.dwLowDateTime=0x2b601b0, ftLastAccessTime.dwHighDateTime=0x1d701c0, ftLastWriteTime.dwLowDateTime=0x2b601b0, ftLastWriteTime.dwHighDateTime=0x1d701c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.678] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e518c80, ftCreationTime.dwHighDateTime=0x1d7018d, ftLastAccessTime.dwLowDateTime=0x2b601b0, ftLastAccessTime.dwHighDateTime=0x1d701c0, ftLastWriteTime.dwLowDateTime=0x2b601b0, ftLastWriteTime.dwHighDateTime=0x1d701c0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x487378b0, ftCreationTime.dwHighDateTime=0x1d6fb79, ftLastAccessTime.dwLowDateTime=0x3637c2b0, ftLastAccessTime.dwHighDateTime=0x1d6fff6, ftLastWriteTime.dwLowDateTime=0x3637c2b0, ftLastWriteTime.dwHighDateTime=0x1d6fff6, nFileSizeHigh=0x0, nFileSizeLow=0x18897, dwReserved0=0x0, dwReserved1=0x0, cFileName="9lLzQ.avi", cAlternateFileName="")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7735690, ftCreationTime.dwHighDateTime=0x1d7085f, ftLastAccessTime.dwLowDateTime=0xe7f15290, ftLastAccessTime.dwHighDateTime=0x1d70943, ftLastWriteTime.dwLowDateTime=0xe7f15290, ftLastWriteTime.dwHighDateTime=0x1d70943, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAr6B", cAlternateFileName="")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea11fbf0, ftCreationTime.dwHighDateTime=0x1d6fada, ftLastAccessTime.dwLowDateTime=0xc0cb8e90, ftLastAccessTime.dwHighDateTime=0x1d6ffa9, ftLastWriteTime.dwLowDateTime=0xc0cb8e90, ftLastWriteTime.dwHighDateTime=0x1d6ffa9, nFileSizeHigh=0x0, nFileSizeLow=0x1539d, dwReserved0=0x0, dwReserved1=0x0, cFileName="er5glMfqhf7.mkv", cAlternateFileName="ER5GLM~1.MKV")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eeea1c0, ftCreationTime.dwHighDateTime=0x1d6fc82, ftLastAccessTime.dwLowDateTime=0x3a5da350, ftLastAccessTime.dwHighDateTime=0x1d6feb1, ftLastWriteTime.dwLowDateTime=0x3a5da350, ftLastWriteTime.dwHighDateTime=0x1d6feb1, nFileSizeHigh=0x0, nFileSizeLow=0x27fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="MF gNOEL8QBz.mkv", cAlternateFileName="MFGNOE~1.MKV")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7b25d00, ftCreationTime.dwHighDateTime=0x1d707b1, ftLastAccessTime.dwLowDateTime=0x3c0499d0, ftLastAccessTime.dwHighDateTime=0x1d707f7, ftLastWriteTime.dwLowDateTime=0x3c0499d0, ftLastWriteTime.dwHighDateTime=0x1d707f7, nFileSizeHigh=0x0, nFileSizeLow=0xaa6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="nbeBLlR.avi", cAlternateFileName="")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc67f9520, ftCreationTime.dwHighDateTime=0x1d6fcf7, ftLastAccessTime.dwLowDateTime=0x725ced10, ftLastAccessTime.dwHighDateTime=0x1d6ff1f, ftLastWriteTime.dwLowDateTime=0x725ced10, ftLastWriteTime.dwHighDateTime=0x1d6ff1f, nFileSizeHigh=0x0, nFileSizeLow=0x9383, dwReserved0=0x0, dwReserved1=0x0, cFileName="OPzgr0G4CKXjB.mkv", cAlternateFileName="OPZGR0~1.MKV")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98e77ab0, ftCreationTime.dwHighDateTime=0x1d701e3, ftLastAccessTime.dwLowDateTime=0xf084a150, ftLastAccessTime.dwHighDateTime=0x1d7048e, ftLastWriteTime.dwLowDateTime=0xf084a150, ftLastWriteTime.dwHighDateTime=0x1d7048e, nFileSizeHigh=0x0, nFileSizeLow=0x313b, dwReserved0=0x0, dwReserved1=0x0, cFileName="_eDGK9.mp4", cAlternateFileName="")) returned 1 [0099.679] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.679] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.679] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.679] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.680] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0099.680] GetFileType (hFile=0x274) returned 0x1 [0099.680] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0099.680] CloseHandle (hObject=0x274) returned 1 [0099.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\9llzq.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x487378b0, ftCreationTime.dwHighDateTime=0x1d6fb79, ftLastAccessTime.dwLowDateTime=0x3637c2b0, ftLastAccessTime.dwHighDateTime=0x1d6fff6, ftLastWriteTime.dwLowDateTime=0x3637c2b0, ftLastWriteTime.dwHighDateTime=0x1d6fff6, nFileSizeHigh=0x0, nFileSizeLow=0x18897)) returned 1 [0099.681] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129ad700*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129ad700*, lpNumberOfCharsWritten=0x128317e0*=0x40) returned 1 [0099.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7735690, ftCreationTime.dwHighDateTime=0x1d7085f, ftLastAccessTime.dwLowDateTime=0xe7f15290, ftLastAccessTime.dwHighDateTime=0x1d70943, ftLastWriteTime.dwLowDateTime=0xe7f15290, ftLastWriteTime.dwHighDateTime=0x1d70943, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.698] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.698] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7735690, ftCreationTime.dwHighDateTime=0x1d7085f, ftLastAccessTime.dwLowDateTime=0xe7f15290, ftLastAccessTime.dwHighDateTime=0x1d70943, ftLastWriteTime.dwLowDateTime=0xe7f15290, ftLastWriteTime.dwHighDateTime=0x1d70943, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.699] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe7735690, ftCreationTime.dwHighDateTime=0x1d7085f, ftLastAccessTime.dwLowDateTime=0xe7f15290, ftLastAccessTime.dwHighDateTime=0x1d70943, ftLastWriteTime.dwLowDateTime=0xe7f15290, ftLastWriteTime.dwHighDateTime=0x1d70943, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.699] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f803550, ftCreationTime.dwHighDateTime=0x1d6fd09, ftLastAccessTime.dwLowDateTime=0x248c8d40, ftLastAccessTime.dwHighDateTime=0x1d7099f, ftLastWriteTime.dwLowDateTime=0x248c8d40, ftLastWriteTime.dwHighDateTime=0x1d7099f, nFileSizeHigh=0x0, nFileSizeLow=0x15172, dwReserved0=0x0, dwReserved1=0x0, cFileName="AIzBr5ZrKX8.swf", cAlternateFileName="AIZBR5~1.SWF")) returned 1 [0099.699] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7a209490, ftCreationTime.dwHighDateTime=0x1d6fc7f, ftLastAccessTime.dwLowDateTime=0x13758c20, ftLastAccessTime.dwHighDateTime=0x1d708c1, ftLastWriteTime.dwLowDateTime=0x13758c20, ftLastWriteTime.dwHighDateTime=0x1d708c1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fGXoIXk", cAlternateFileName="")) returned 1 [0099.699] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34487180, ftCreationTime.dwHighDateTime=0x1d6fa32, ftLastAccessTime.dwLowDateTime=0xadad9ad0, ftLastAccessTime.dwHighDateTime=0x1d6faa2, ftLastWriteTime.dwLowDateTime=0xadad9ad0, ftLastWriteTime.dwHighDateTime=0x1d6faa2, nFileSizeHigh=0x0, nFileSizeLow=0x2186, dwReserved0=0x0, dwReserved1=0x0, cFileName="mCVrQ3VNk3q9t.mkv", cAlternateFileName="MCVRQ3~1.MKV")) returned 1 [0099.699] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.699] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.699] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.699] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.748] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0099.748] GetFileType (hFile=0x274) returned 0x1 [0099.748] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0099.749] CloseHandle (hObject=0x274) returned 1 [0099.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\AIzBr5ZrKX8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\aizbr5zrkx8.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f803550, ftCreationTime.dwHighDateTime=0x1d6fd09, ftLastAccessTime.dwLowDateTime=0x248c8d40, ftLastAccessTime.dwHighDateTime=0x1d7099f, ftLastWriteTime.dwLowDateTime=0x248c8d40, ftLastWriteTime.dwHighDateTime=0x1d7099f, nFileSizeHigh=0x0, nFileSizeLow=0x15172)) returned 1 [0099.749] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4d20*, nNumberOfCharsToWrite=0x4b, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a4d20*, lpNumberOfCharsWritten=0x12831778*=0x4b) returned 1 [0099.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7a209490, ftCreationTime.dwHighDateTime=0x1d6fc7f, ftLastAccessTime.dwLowDateTime=0x13758c20, ftLastAccessTime.dwHighDateTime=0x1d708c1, ftLastWriteTime.dwLowDateTime=0x13758c20, ftLastWriteTime.dwHighDateTime=0x1d708c1, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0099.760] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.760] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\*", lpFindFileData=0x12831930 | out: lpFindFileData=0x12831930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7a209490, ftCreationTime.dwHighDateTime=0x1d6fc7f, ftLastAccessTime.dwLowDateTime=0x13758c20, ftLastAccessTime.dwHighDateTime=0x1d708c1, ftLastWriteTime.dwLowDateTime=0x13758c20, ftLastWriteTime.dwHighDateTime=0x1d708c1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7a209490, ftCreationTime.dwHighDateTime=0x1d6fc7f, ftLastAccessTime.dwLowDateTime=0x13758c20, ftLastAccessTime.dwHighDateTime=0x1d708c1, ftLastWriteTime.dwLowDateTime=0x13758c20, ftLastWriteTime.dwHighDateTime=0x1d708c1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31805f0, ftCreationTime.dwHighDateTime=0x1d6ff4f, ftLastAccessTime.dwLowDateTime=0xf80f60f0, ftLastAccessTime.dwHighDateTime=0x1d708b1, ftLastWriteTime.dwLowDateTime=0xf80f60f0, ftLastWriteTime.dwHighDateTime=0x1d708b1, nFileSizeHigh=0x0, nFileSizeLow=0x12f4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="3aeT y.swf", cAlternateFileName="3AETY~1.SWF")) returned 1 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93fa0af0, ftCreationTime.dwHighDateTime=0x1d70773, ftLastAccessTime.dwLowDateTime=0x79739c20, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0x79739c20, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="giDMeosqH0NeSG", cAlternateFileName="GIDMEO~1")) returned 1 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70f3fbc0, ftCreationTime.dwHighDateTime=0x1d6feb2, ftLastAccessTime.dwLowDateTime=0x4e23daa0, ftLastAccessTime.dwHighDateTime=0x1d6fefa, ftLastWriteTime.dwLowDateTime=0x4e23daa0, ftLastWriteTime.dwHighDateTime=0x1d6fefa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oo77", cAlternateFileName="")) returned 1 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4212340, ftCreationTime.dwHighDateTime=0x1d70459, ftLastAccessTime.dwLowDateTime=0xb4325fb0, ftLastAccessTime.dwHighDateTime=0x1d708d7, ftLastWriteTime.dwLowDateTime=0xb4325fb0, ftLastWriteTime.dwHighDateTime=0x1d708d7, nFileSizeHigh=0x0, nFileSizeLow=0x1527, dwReserved0=0x0, dwReserved1=0x0, cFileName="UyZKX--DfH6UhPde 1_.mp4", cAlternateFileName="UYZKX-~1.MP4")) returned 1 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd56d8e0, ftCreationTime.dwHighDateTime=0x1d6fcd1, ftLastAccessTime.dwLowDateTime=0x92b35e80, ftLastAccessTime.dwHighDateTime=0x1d70791, ftLastWriteTime.dwLowDateTime=0x92b35e80, ftLastWriteTime.dwHighDateTime=0x1d70791, nFileSizeHigh=0x0, nFileSizeLow=0x174bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="VOxYfcqy oiokY91TZs.flv", cAlternateFileName="VOXYFC~1.FLV")) returned 1 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa96e4a0, ftCreationTime.dwHighDateTime=0x1d6fa57, ftLastAccessTime.dwLowDateTime=0x8dc0bed0, ftLastAccessTime.dwHighDateTime=0x1d70382, ftLastWriteTime.dwLowDateTime=0x8dc0bed0, ftLastWriteTime.dwHighDateTime=0x1d70382, nFileSizeHigh=0x0, nFileSizeLow=0x15075, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aFJYVh irMQXFQ3AT.flv", cAlternateFileName="_AFJYV~1.FLV")) returned 1 [0099.760] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.760] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x128319b4 | out: lpFileInformation=0x128319b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.761] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.761] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.764] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831bcc | out: lpMode=0x12831bcc) returned 0 [0099.764] GetFileType (hFile=0x274) returned 0x1 [0099.764] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831bbc, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831bbc*=0x2b8, lpOverlapped=0x0) returned 1 [0099.765] CloseHandle (hObject=0x274) returned 1 [0099.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\3aet y.swf"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31805f0, ftCreationTime.dwHighDateTime=0x1d6ff4f, ftLastAccessTime.dwLowDateTime=0xf80f60f0, ftLastAccessTime.dwHighDateTime=0x1d708b1, ftLastWriteTime.dwLowDateTime=0xf80f60f0, ftLastWriteTime.dwHighDateTime=0x1d708b1, nFileSizeHigh=0x0, nFileSizeLow=0x12f4c)) returned 1 [0099.766] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4f00*, nNumberOfCharsToWrite=0x4e, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x129a4f00*, lpNumberOfCharsWritten=0x12831710*=0x4e) returned 1 [0099.804] SetEvent (hEvent=0x26c) returned 1 [0099.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\UyZKX--DfH6UhPde 1_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\uyzkx--dfh6uhpde 1_.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4212340, ftCreationTime.dwHighDateTime=0x1d70459, ftLastAccessTime.dwLowDateTime=0xb4325fb0, ftLastAccessTime.dwHighDateTime=0x1d708d7, ftLastWriteTime.dwLowDateTime=0xb4325fb0, ftLastWriteTime.dwHighDateTime=0x1d708d7, nFileSizeHigh=0x0, nFileSizeLow=0x1527)) returned 1 [0099.804] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2f00*, nNumberOfCharsToWrite=0x5a, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x128d2f00*, lpNumberOfCharsWritten=0x12831710*=0x5a) returned 1 [0099.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\voxyfcqy oioky91tzs.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd56d8e0, ftCreationTime.dwHighDateTime=0x1d6fcd1, ftLastAccessTime.dwLowDateTime=0x92b35e80, ftLastAccessTime.dwHighDateTime=0x1d70791, ftLastWriteTime.dwLowDateTime=0x92b35e80, ftLastWriteTime.dwHighDateTime=0x1d70791, nFileSizeHigh=0x0, nFileSizeLow=0x174bf)) returned 1 [0099.828] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2fc0*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x128d2fc0*, lpNumberOfCharsWritten=0x12831710*=0x5b) returned 1 [0099.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\_aFJYVh irMQXFQ3AT.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\_afjyvh irmqxfq3at.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa96e4a0, ftCreationTime.dwHighDateTime=0x1d6fa57, ftLastAccessTime.dwLowDateTime=0x8dc0bed0, ftLastAccessTime.dwHighDateTime=0x1d70382, ftLastWriteTime.dwLowDateTime=0x8dc0bed0, ftLastWriteTime.dwHighDateTime=0x1d70382, nFileSizeHigh=0x0, nFileSizeLow=0x15075)) returned 1 [0099.852] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d3140*, nNumberOfCharsToWrite=0x5a, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x128d3140*, lpNumberOfCharsWritten=0x12831710*=0x5a) returned 1 [0099.869] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0099.908] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0099.912] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0099.966] SetEvent (hEvent=0x1d0) returned 1 [0099.966] SwitchToThread () returned 1 [0099.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\lntyhvh3cg5j_rxzqmo.flv"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5647e50, ftCreationTime.dwHighDateTime=0x1d70309, ftLastAccessTime.dwLowDateTime=0x213dc2a0, ftLastAccessTime.dwHighDateTime=0x1d70358, ftLastWriteTime.dwLowDateTime=0x213dc2a0, ftLastWriteTime.dwHighDateTime=0x1d70358, nFileSizeHigh=0x0, nFileSizeLow=0x4438)) returned 1 [0099.989] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\lntyhvh3cg5j_rxzqmo.flv")) returned 0x20 [0099.989] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv", dwFileAttributes=0x20) returned 1 [0099.989] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\lntyhvh3cg5j_rxzqmo.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.990] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0099.990] GetFileType (hFile=0x274) returned 0x1 [0099.990] GetFileType (hFile=0x274) returned 0x1 [0099.990] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.990] ReadFile (in: hFile=0x274, lpBuffer=0x12900004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900004*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0099.990] SystemFunction036 (in: RandomBuffer=0x12d3a028, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a028) returned 1 [0099.990] SystemFunction036 (in: RandomBuffer=0x12d3a038, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a038) returned 1 [0099.990] GetFileType (hFile=0x274) returned 0x1 [0099.990] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.990] ReadFile (in: hFile=0x274, lpBuffer=0x12d3c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12d3c000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.990] GetFileType (hFile=0x274) returned 0x1 [0099.990] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.990] WriteFile (in: hFile=0x274, lpBuffer=0x12d42000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12d42000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.990] GetFileType (hFile=0x274) returned 0x1 [0099.991] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.991] SystemFunction036 (in: RandomBuffer=0x12d48001, RandomBufferLength=0x40 | out: RandomBuffer=0x12d48001) returned 1 [0099.991] WriteFile (in: hFile=0x274, lpBuffer=0x12900060*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12900060*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0099.991] WriteFile (in: hFile=0x274, lpBuffer=0x12d48100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12d48100*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0099.991] CloseHandle (hObject=0x274) returned 1 [0100.001] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\lntyhvh3cg5j_rxzqmo.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\lntyhvh3cg5j_rxzqmo.flv.crypted"), dwFlags=0x1) returned 1 [0100.002] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\lntyhvh3cg5j_rxzqmo.flv")) returned 0xffffffff [0100.002] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x1e, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0100.085] SetEvent (hEvent=0x260) returned 1 [0100.085] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa24, ulCount=0x10, ulNumEntriesRemoved=0x334efa0c, dwMilliseconds=0x4, fAlertable=0 | out: lpCompletionPortEntries=0x334efa24, ulNumEntriesRemoved=0x334efa0c) returned 0 [0100.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\hf2gq.flv"), fInfoLevelId=0x0, lpFileInformation=0x128cfc44 | out: lpFileInformation=0x128cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cddc910, ftCreationTime.dwHighDateTime=0x1d70605, ftLastAccessTime.dwLowDateTime=0xe7dcab30, ftLastAccessTime.dwHighDateTime=0x1d70919, ftLastWriteTime.dwLowDateTime=0xe7dcab30, ftLastWriteTime.dwHighDateTime=0x1d70919, nFileSizeHigh=0x0, nFileSizeLow=0x160db)) returned 1 [0100.121] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\hf2gq.flv")) returned 0x20 [0100.121] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv", dwFileAttributes=0x20) returned 1 [0100.122] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\hf2gq.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.122] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x128cfe88 | out: lpMode=0x128cfe88) returned 0 [0100.122] GetFileType (hFile=0x274) returned 0x1 [0100.122] GetFileType (hFile=0x274) returned 0x1 [0100.122] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.125] ReadFile (in: hFile=0x274, lpBuffer=0x128100c8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x128cfd14, lpOverlapped=0x0 | out: lpBuffer=0x128100c8*, lpNumberOfBytesRead=0x128cfd14*=0x4, lpOverlapped=0x0) returned 1 [0100.125] SystemFunction036 (in: RandomBuffer=0x129fe4d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe4d8) returned 1 [0100.125] SystemFunction036 (in: RandomBuffer=0x129fe4e8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe4e8) returned 1 [0100.125] GetFileType (hFile=0x274) returned 0x1 [0100.125] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.125] ReadFile (in: hFile=0x274, lpBuffer=0x128e2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x128cfe80, lpOverlapped=0x0 | out: lpBuffer=0x128e2000*, lpNumberOfBytesRead=0x128cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0100.126] GetFileType (hFile=0x274) returned 0x1 [0100.126] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.126] WriteFile (in: hFile=0x274, lpBuffer=0x128e8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x128cfe78, lpOverlapped=0x0 | out: lpBuffer=0x128e8000*, lpNumberOfBytesWritten=0x128cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0100.126] GetFileType (hFile=0x274) returned 0x1 [0100.126] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.126] SystemFunction036 (in: RandomBuffer=0x128b0301, RandomBufferLength=0x40 | out: RandomBuffer=0x128b0301) returned 1 [0100.127] WriteFile (in: hFile=0x274, lpBuffer=0x12810284*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x12810284*, lpNumberOfBytesWritten=0x128cfd88*=0x4, lpOverlapped=0x0) returned 1 [0100.127] WriteFile (in: hFile=0x274, lpBuffer=0x128b0400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128b0400*, lpNumberOfBytesWritten=0x128cfd88*=0x100, lpOverlapped=0x0) returned 1 [0100.127] CloseHandle (hObject=0x274) returned 1 [0100.131] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\hf2gq.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\hf2gq.flv.crypted"), dwFlags=0x1) returned 1 [0100.132] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\hf2gq.flv")) returned 0xffffffff [0100.132] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0xc, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0100.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\mcvrq3vnk3q9t.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34487180, ftCreationTime.dwHighDateTime=0x1d6fa32, ftLastAccessTime.dwLowDateTime=0xadad9ad0, ftLastAccessTime.dwHighDateTime=0x1d6faa2, ftLastWriteTime.dwLowDateTime=0xadad9ad0, ftLastWriteTime.dwHighDateTime=0x1d6faa2, nFileSizeHigh=0x0, nFileSizeLow=0x2186)) returned 1 [0100.173] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\mcvrq3vnk3q9t.mkv")) returned 0x20 [0100.173] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv", dwFileAttributes=0x20) returned 1 [0100.173] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\mcvrq3vnk3q9t.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.174] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0100.174] GetFileType (hFile=0x274) returned 0x1 [0100.174] GetFileType (hFile=0x274) returned 0x1 [0100.174] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.174] ReadFile (in: hFile=0x274, lpBuffer=0x1288a1d0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a1d0*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0100.174] SystemFunction036 (in: RandomBuffer=0x12cd84d8, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd84d8) returned 1 [0100.174] SystemFunction036 (in: RandomBuffer=0x12cd84e8, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd84e8) returned 1 [0100.174] GetFileType (hFile=0x274) returned 0x1 [0100.174] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.174] ReadFile (in: hFile=0x274, lpBuffer=0x1286a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x1286a000*, lpNumberOfBytesRead=0x12837e80*=0x2186, lpOverlapped=0x0) returned 1 [0100.174] GetFileType (hFile=0x274) returned 0x1 [0100.174] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.174] WriteFile (in: hFile=0x274, lpBuffer=0x12924000*, nNumberOfBytesToWrite=0x2190, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x12924000*, lpNumberOfBytesWritten=0x12837e78*=0x2190, lpOverlapped=0x0) returned 1 [0100.175] GetFileType (hFile=0x274) returned 0x1 [0100.175] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.175] SystemFunction036 (in: RandomBuffer=0x12cf6901, RandomBufferLength=0x40 | out: RandomBuffer=0x12cf6901) returned 1 [0100.175] WriteFile (in: hFile=0x274, lpBuffer=0x1288a22c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a22c*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0100.175] WriteFile (in: hFile=0x274, lpBuffer=0x12cf6a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12cf6a00*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0100.175] CloseHandle (hObject=0x274) returned 1 [0100.177] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\mcvrq3vnk3q9t.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\mcvrq3vnk3q9t.mkv.crypted"), dwFlags=0x1) returned 1 [0100.178] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\mcvrq3vnk3q9t.mkv")) returned 0xffffffff [0100.178] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x2e, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0100.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\_edgk9.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98e77ab0, ftCreationTime.dwHighDateTime=0x1d701e3, ftLastAccessTime.dwLowDateTime=0xf084a150, ftLastAccessTime.dwHighDateTime=0x1d7048e, ftLastWriteTime.dwLowDateTime=0xf084a150, ftLastWriteTime.dwHighDateTime=0x1d7048e, nFileSizeHigh=0x0, nFileSizeLow=0x313b)) returned 1 [0100.273] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\_edgk9.mp4")) returned 0x20 [0100.273] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4", dwFileAttributes=0x20) returned 1 [0100.274] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\_edgk9.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.274] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0100.274] GetFileType (hFile=0x274) returned 0x1 [0100.274] GetFileType (hFile=0x274) returned 0x1 [0100.274] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.274] ReadFile (in: hFile=0x274, lpBuffer=0x129000cc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x129000cc*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0100.274] SystemFunction036 (in: RandomBuffer=0x12d3a4d8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a4d8) returned 1 [0100.274] SystemFunction036 (in: RandomBuffer=0x12d3a4e8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d3a4e8) returned 1 [0100.274] GetFileType (hFile=0x274) returned 0x1 [0100.274] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.274] ReadFile (in: hFile=0x274, lpBuffer=0x12d66000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12d66000*, lpNumberOfBytesRead=0x12919e80*=0x313b, lpOverlapped=0x0) returned 1 [0100.275] GetFileType (hFile=0x274) returned 0x1 [0100.275] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.275] WriteFile (in: hFile=0x274, lpBuffer=0x12d6a000*, nNumberOfBytesToWrite=0x3140, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12d6a000*, lpNumberOfBytesWritten=0x12919e78*=0x3140, lpOverlapped=0x0) returned 1 [0100.275] GetFileType (hFile=0x274) returned 0x1 [0100.275] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0100.275] SystemFunction036 (in: RandomBuffer=0x12d48601, RandomBufferLength=0x40 | out: RandomBuffer=0x12d48601) returned 1 [0100.275] WriteFile (in: hFile=0x274, lpBuffer=0x12900128*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12900128*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0100.275] WriteFile (in: hFile=0x274, lpBuffer=0x12d48700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12d48700*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0100.275] CloseHandle (hObject=0x274) returned 1 [0100.277] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\_edgk9.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\_edgk9.mp4.crypted"), dwFlags=0x1) returned 1 [0100.278] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\_edgk9.mp4")) returned 0xffffffff [0100.278] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x1a, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0100.350] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x334efa04, ulCount=0x10, ulNumEntriesRemoved=0x334ef9ec, dwMilliseconds=0x1c, fAlertable=0 | out: lpCompletionPortEntries=0x334efa04, ulNumEntriesRemoved=0x334ef9ec) returned 0 [0100.407] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) returned 0x0 [0100.432] SetEvent (hEvent=0x26c) returned 1 [0100.432] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1280e0a8*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x129a5a78, lpReserved=0x0 | out: lpBuffer=0x1280e0a8*, lpNumberOfCharsWritten=0x129a5a78*=0x9) returned 1 [0100.449] WaitForSingleObject (hHandle=0x1e4, dwMilliseconds=0xffffffff) Thread: id = 20 os_tid = 0xe2c [0093.987] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3362ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3362ff28*=0x1c4) returned 1 [0093.987] VirtualQuery (in: lpAddress=0x3362ff38, lpBuffer=0x3362ff38, dwLength=0x1c | out: lpBuffer=0x3362ff38*(BaseAddress=0x3362f000, AllocationBase=0x33530000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0093.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qvi-ds4n9msyipdvrf.swf"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f29dd70, ftCreationTime.dwHighDateTime=0x1d6fb1f, ftLastAccessTime.dwLowDateTime=0x8f323f60, ftLastAccessTime.dwHighDateTime=0x1d70462, ftLastWriteTime.dwLowDateTime=0x8f323f60, ftLastWriteTime.dwHighDateTime=0x1d70462, nFileSizeHigh=0x0, nFileSizeLow=0x4fb3)) returned 1 [0093.987] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qvi-ds4n9msyipdvrf.swf")) returned 0x20 [0093.988] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf", dwFileAttributes=0x20) returned 1 [0093.988] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qvi-ds4n9msyipdvrf.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0093.990] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0093.990] GetFileType (hFile=0x1c8) returned 0x1 [0093.990] GetFileType (hFile=0x1c8) returned 0x1 [0093.990] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0093.991] ReadFile (in: hFile=0x1c8, lpBuffer=0x12900634, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x12900634*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0093.991] SystemFunction036 (in: RandomBuffer=0x12930fc8, RandomBufferLength=0x10 | out: RandomBuffer=0x12930fc8) returned 1 [0093.991] SystemFunction036 (in: RandomBuffer=0x12930fd8, RandomBufferLength=0x10 | out: RandomBuffer=0x12930fd8) returned 1 [0093.991] VirtualAlloc (lpAddress=0x12a96000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a96000 [0093.991] GetFileType (hFile=0x1c8) returned 0x1 [0093.991] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0093.991] ReadFile (in: hFile=0x1c8, lpBuffer=0x12a96000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12a96000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0093.991] VirtualAlloc (lpAddress=0x12a9a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a9a000 [0093.992] GetFileType (hFile=0x1c8) returned 0x1 [0093.992] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0093.992] WriteFile (in: hFile=0x1c8, lpBuffer=0x12a9a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12a9a000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0093.992] GetFileType (hFile=0x1c8) returned 0x1 [0093.992] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0093.992] SystemFunction036 (in: RandomBuffer=0x12950c01, RandomBufferLength=0x40 | out: RandomBuffer=0x12950c01) returned 1 [0093.993] VirtualAlloc (lpAddress=0x12a9e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a9e000 [0093.993] WriteFile (in: hFile=0x1c8, lpBuffer=0x12900690*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12900690*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0093.993] WriteFile (in: hFile=0x1c8, lpBuffer=0x12950d00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12950d00*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0093.993] CloseHandle (hObject=0x1c8) returned 1 [0094.029] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qvi-ds4n9msyipdvrf.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qvi-ds4n9msyipdvrf.swf.crypted"), dwFlags=0x1) returned 1 [0094.756] SetEvent (hEvent=0x13c) returned 1 [0094.756] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Qvi-dS4n9MsyIpDvRf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qvi-ds4n9msyipdvrf.swf")) returned 0xffffffff [0094.768] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x200 [0094.768] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1cc [0094.768] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0094.777] SetEvent (hEvent=0x1e4) returned 1 [0094.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\0dqqewx7b_r-zpvab.wav"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x141d0920, ftCreationTime.dwHighDateTime=0x1d70252, ftLastAccessTime.dwLowDateTime=0xad5440d0, ftLastAccessTime.dwHighDateTime=0x1d70843, ftLastWriteTime.dwLowDateTime=0xad5440d0, ftLastWriteTime.dwHighDateTime=0x1d70843, nFileSizeHigh=0x0, nFileSizeLow=0x142db)) returned 1 [0094.778] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\0dqqewx7b_r-zpvab.wav")) returned 0x20 [0094.778] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav", dwFileAttributes=0x20) returned 1 [0094.778] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\0dqqewx7b_r-zpvab.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0094.778] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0094.778] GetFileType (hFile=0x1c8) returned 0x1 [0094.778] GetFileType (hFile=0x1c8) returned 0x1 [0094.778] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.778] ReadFile (in: hFile=0x1c8, lpBuffer=0x1298e3dc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e3dc*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0094.779] SystemFunction036 (in: RandomBuffer=0x129a3108, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3108) returned 1 [0094.779] SystemFunction036 (in: RandomBuffer=0x129a3118, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3118) returned 1 [0094.779] VirtualAlloc (lpAddress=0x12b86000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b86000 [0094.779] GetFileType (hFile=0x1c8) returned 0x1 [0094.779] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0094.779] ReadFile (in: hFile=0x1c8, lpBuffer=0x12b86000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12b86000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.779] VirtualAlloc (lpAddress=0x12b8a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b8a000 [0094.780] GetFileType (hFile=0x1c8) returned 0x1 [0094.780] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0094.780] WriteFile (in: hFile=0x1c8, lpBuffer=0x12b8a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12b8a000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.780] GetFileType (hFile=0x1c8) returned 0x1 [0094.780] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0094.781] SystemFunction036 (in: RandomBuffer=0x129b9501, RandomBufferLength=0x40 | out: RandomBuffer=0x129b9501) returned 1 [0094.781] WriteFile (in: hFile=0x1c8, lpBuffer=0x1298e438*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e438*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0094.781] WriteFile (in: hFile=0x1c8, lpBuffer=0x129b9600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x129b9600*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0094.781] CloseHandle (hObject=0x1c8) returned 1 [0094.784] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\0dqqewx7b_r-zpvab.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\0dqqewx7b_r-zpvab.wav.crypted"), dwFlags=0x1) returned 1 [0095.192] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\0dQqEwX7b_r-zpvAb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\0dqqewx7b_r-zpvab.wav")) returned 0xffffffff [0095.205] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4xknqsq6xkr_p6hmwtn.doc"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa9ef750, ftCreationTime.dwHighDateTime=0x1d6fd3e, ftLastAccessTime.dwLowDateTime=0xbdb5060, ftLastAccessTime.dwHighDateTime=0x1d6fe41, ftLastWriteTime.dwLowDateTime=0xbdb5060, ftLastWriteTime.dwHighDateTime=0x1d6fe41, nFileSizeHigh=0x0, nFileSizeLow=0x118ca)) returned 1 [0095.238] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4xknqsq6xkr_p6hmwtn.doc")) returned 0x20 [0095.238] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc", dwFileAttributes=0x20) returned 1 [0095.239] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4xknqsq6xkr_p6hmwtn.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.239] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.239] GetFileType (hFile=0x304) returned 0x1 [0095.239] GetFileType (hFile=0x304) returned 0x1 [0095.239] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.239] ReadFile (in: hFile=0x304, lpBuffer=0x12900bfc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x12900bfc*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.239] SystemFunction036 (in: RandomBuffer=0x12c90258, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90258) returned 1 [0095.239] SystemFunction036 (in: RandomBuffer=0x12c90268, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90268) returned 1 [0095.239] VirtualAlloc (lpAddress=0x12c9a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c9a000 [0095.239] GetFileType (hFile=0x304) returned 0x1 [0095.240] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.240] ReadFile (in: hFile=0x304, lpBuffer=0x12c9a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12c9a000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.240] VirtualAlloc (lpAddress=0x12c9e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c9e000 [0095.241] GetFileType (hFile=0x304) returned 0x1 [0095.241] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.241] WriteFile (in: hFile=0x304, lpBuffer=0x12c9e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12c9e000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.241] GetFileType (hFile=0x304) returned 0x1 [0095.241] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.241] SystemFunction036 (in: RandomBuffer=0x12ad9a01, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad9a01) returned 1 [0095.241] WriteFile (in: hFile=0x304, lpBuffer=0x12900c58*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12900c58*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.241] WriteFile (in: hFile=0x304, lpBuffer=0x12ad9b00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12ad9b00*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.242] CloseHandle (hObject=0x304) returned 1 [0095.244] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4xknqsq6xkr_p6hmwtn.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4xknqsq6xkr_p6hmwtn.doc.crypted"), dwFlags=0x1) returned 1 [0095.244] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4XkNQsq6XKr_P6HMwtn.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4xknqsq6xkr_p6hmwtn.doc")) returned 0xffffffff [0095.244] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.286] SetEvent (hEvent=0x218) returned 1 [0095.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\90gb-.docx"), fInfoLevelId=0x0, lpFileInformation=0x12a6dc44 | out: lpFileInformation=0x12a6dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x408fb5d0, ftCreationTime.dwHighDateTime=0x1d68a38, ftLastAccessTime.dwLowDateTime=0xcf624a20, ftLastAccessTime.dwHighDateTime=0x1d6969f, ftLastWriteTime.dwLowDateTime=0xcf624a20, ftLastWriteTime.dwHighDateTime=0x1d6969f, nFileSizeHigh=0x0, nFileSizeLow=0xc3d2)) returned 1 [0095.286] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\90gb-.docx")) returned 0x20 [0095.286] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx", dwFileAttributes=0x20) returned 1 [0095.287] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\90gb-.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.287] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12a6de88 | out: lpMode=0x12a6de88) returned 0 [0095.287] GetFileType (hFile=0x304) returned 0x1 [0095.287] GetFileType (hFile=0x304) returned 0x1 [0095.287] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.287] ReadFile (in: hFile=0x304, lpBuffer=0x1281085c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6dd14, lpOverlapped=0x0 | out: lpBuffer=0x1281085c*, lpNumberOfBytesRead=0x12a6dd14*=0x4, lpOverlapped=0x0) returned 1 [0095.287] SystemFunction036 (in: RandomBuffer=0x128179c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128179c8) returned 1 [0095.287] SystemFunction036 (in: RandomBuffer=0x128179d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128179d8) returned 1 [0095.287] VirtualAlloc (lpAddress=0x12c40000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c40000 [0095.288] GetFileType (hFile=0x304) returned 0x1 [0095.288] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.288] ReadFile (in: hFile=0x304, lpBuffer=0x12c40000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6de80, lpOverlapped=0x0 | out: lpBuffer=0x12c40000*, lpNumberOfBytesRead=0x12a6de80*=0x4000, lpOverlapped=0x0) returned 1 [0095.288] VirtualAlloc (lpAddress=0x12c44000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c44000 [0095.289] GetFileType (hFile=0x304) returned 0x1 [0095.289] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.289] WriteFile (in: hFile=0x304, lpBuffer=0x12c44000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6de78, lpOverlapped=0x0 | out: lpBuffer=0x12c44000*, lpNumberOfBytesWritten=0x12a6de78*=0x4000, lpOverlapped=0x0) returned 1 [0095.289] GetFileType (hFile=0x304) returned 0x1 [0095.289] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.289] SystemFunction036 (in: RandomBuffer=0x12a7f101, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7f101) returned 1 [0095.289] WriteFile (in: hFile=0x304, lpBuffer=0x128108b8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6dd88, lpOverlapped=0x0 | out: lpBuffer=0x128108b8*, lpNumberOfBytesWritten=0x12a6dd88*=0x4, lpOverlapped=0x0) returned 1 [0095.290] WriteFile (in: hFile=0x304, lpBuffer=0x12a7f200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6dd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7f200*, lpNumberOfBytesWritten=0x12a6dd88*=0x100, lpOverlapped=0x0) returned 1 [0095.290] CloseHandle (hObject=0x304) returned 1 [0095.307] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\90gb-.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\90gb-.docx.crypted"), dwFlags=0x1) returned 1 [0095.308] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\90Gb-.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\90gb-.docx")) returned 0xffffffff [0095.308] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.392] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\nvhgqy.xls"), fInfoLevelId=0x0, lpFileInformation=0x12b6dc44 | out: lpFileInformation=0x12b6dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70c6b3a0, ftCreationTime.dwHighDateTime=0x1d6fdd5, ftLastAccessTime.dwLowDateTime=0x76914940, ftLastAccessTime.dwHighDateTime=0x1d70022, ftLastWriteTime.dwLowDateTime=0x76914940, ftLastWriteTime.dwHighDateTime=0x1d70022, nFileSizeHigh=0x0, nFileSizeLow=0x15d93)) returned 1 [0095.425] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\nvhgqy.xls")) returned 0x20 [0095.425] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls", dwFileAttributes=0x20) returned 1 [0095.425] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\nvhgqy.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.425] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12b6de88 | out: lpMode=0x12b6de88) returned 0 [0095.425] GetFileType (hFile=0x310) returned 0x1 [0095.425] GetFileType (hFile=0x310) returned 0x1 [0095.425] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.425] ReadFile (in: hFile=0x310, lpBuffer=0x1288b7a4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b6dd14, lpOverlapped=0x0 | out: lpBuffer=0x1288b7a4*, lpNumberOfBytesRead=0x12b6dd14*=0x4, lpOverlapped=0x0) returned 1 [0095.425] SystemFunction036 (in: RandomBuffer=0x128cdf68, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdf68) returned 1 [0095.425] SystemFunction036 (in: RandomBuffer=0x128cdf78, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdf78) returned 1 [0095.425] VirtualAlloc (lpAddress=0x12d0e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d0e000 [0095.426] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.441] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.442] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.456] SwitchToThread () returned 1 [0095.484] SetEvent (hEvent=0x2b4) returned 1 [0095.484] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.514] SetEvent (hEvent=0x20c) returned 1 [0095.514] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\ke4xu6hrzu4nsa9.doc"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df2a550, ftCreationTime.dwHighDateTime=0x1d701f0, ftLastAccessTime.dwLowDateTime=0x9cbdcb20, ftLastAccessTime.dwHighDateTime=0x1d708f6, ftLastWriteTime.dwLowDateTime=0x9cbdcb20, ftLastWriteTime.dwHighDateTime=0x1d708f6, nFileSizeHigh=0x0, nFileSizeLow=0x18365)) returned 1 [0095.520] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\ke4xu6hrzu4nsa9.doc")) returned 0x20 [0095.520] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc", dwFileAttributes=0x20) returned 1 [0095.520] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\ke4xu6hrzu4nsa9.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x30c [0095.520] GetConsoleMode (in: hConsoleHandle=0x30c, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0095.520] GetFileType (hFile=0x30c) returned 0x1 [0095.520] GetFileType (hFile=0x30c) returned 0x1 [0095.520] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.520] ReadFile (in: hFile=0x30c, lpBuffer=0x12810034, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x12810034*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.521] SystemFunction036 (in: RandomBuffer=0x128160c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128160c8) returned 1 [0095.521] SystemFunction036 (in: RandomBuffer=0x128160d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128160d8) returned 1 [0095.521] GetFileType (hFile=0x30c) returned 0x1 [0095.521] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.521] ReadFile (in: hFile=0x30c, lpBuffer=0x12948000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12948000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.521] GetFileType (hFile=0x30c) returned 0x1 [0095.521] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.521] WriteFile (in: hFile=0x30c, lpBuffer=0x128d8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x128d8000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.521] GetFileType (hFile=0x30c) returned 0x1 [0095.521] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x14000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.521] ReadFile (in: hFile=0x30c, lpBuffer=0x12948000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12948000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.522] GetFileType (hFile=0x30c) returned 0x1 [0095.522] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x14000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.522] WriteFile (in: hFile=0x30c, lpBuffer=0x128ec000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x128ec000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.522] GetFileType (hFile=0x30c) returned 0x1 [0095.522] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.522] SystemFunction036 (in: RandomBuffer=0x12a7e001, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7e001) returned 1 [0095.522] WriteFile (in: hFile=0x30c, lpBuffer=0x12810090*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12810090*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.523] WriteFile (in: hFile=0x30c, lpBuffer=0x12a7e100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7e100*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.523] CloseHandle (hObject=0x30c) returned 1 [0095.529] VirtualAlloc (lpAddress=0x12d28000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d28000 [0095.529] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\ke4xu6hrzu4nsa9.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\ke4xu6hrzu4nsa9.doc.crypted"), dwFlags=0x1) returned 1 [0095.530] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\ke4xu6hrzu4nsa9.doc")) returned 0xffffffff [0095.530] SetEvent (hEvent=0x218) returned 1 [0095.530] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.548] SwitchToThread () returned 1 [0095.566] SetEvent (hEvent=0x2b4) returned 1 [0095.566] VirtualAlloc (lpAddress=0x12d84000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d84000 [0095.566] VirtualAlloc (lpAddress=0x12d8c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d8c000 [0095.566] VirtualAlloc (lpAddress=0x12d8e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d8e000 [0095.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\aiei3.doc"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1ba4da0, ftCreationTime.dwHighDateTime=0x1d706f7, ftLastAccessTime.dwLowDateTime=0xa7525ef0, ftLastAccessTime.dwHighDateTime=0x1d70961, ftLastWriteTime.dwLowDateTime=0xa7525ef0, ftLastWriteTime.dwHighDateTime=0x1d70961, nFileSizeHigh=0x0, nFileSizeLow=0x8f9f)) returned 1 [0095.567] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\aiei3.doc")) returned 0x20 [0095.567] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc", dwFileAttributes=0x20) returned 1 [0095.567] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\aiei3.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.567] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0095.567] GetFileType (hFile=0x310) returned 0x1 [0095.567] GetFileType (hFile=0x310) returned 0x1 [0095.567] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.567] ReadFile (in: hFile=0x310, lpBuffer=0x1288a004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a004*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0095.568] SystemFunction036 (in: RandomBuffer=0x12d166b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d166b8) returned 1 [0095.568] SystemFunction036 (in: RandomBuffer=0x12d166c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d166c8) returned 1 [0095.568] VirtualAlloc (lpAddress=0x12d90000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d90000 [0095.568] VirtualAlloc (lpAddress=0x12d94000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d94000 [0095.568] GetFileType (hFile=0x310) returned 0x1 [0095.568] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.568] ReadFile (in: hFile=0x310, lpBuffer=0x12d90000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12d90000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.569] VirtualAlloc (lpAddress=0x12d96000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d96000 [0095.569] GetFileType (hFile=0x310) returned 0x1 [0095.569] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.569] WriteFile (in: hFile=0x310, lpBuffer=0x12d96000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12d96000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.569] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x351f0000 [0095.570] VirtualAlloc (lpAddress=0x12d9a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d9a000 [0095.570] GetFileType (hFile=0x310) returned 0x1 [0095.570] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.570] VirtualAlloc (lpAddress=0x12d9c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d9c000 [0095.570] VirtualAlloc (lpAddress=0x12d9e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d9e000 [0095.571] SystemFunction036 (in: RandomBuffer=0x12d9e001, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9e001) returned 1 [0095.571] VirtualAlloc (lpAddress=0x12da0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12da0000 [0095.571] VirtualAlloc (lpAddress=0x12da2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12da2000 [0095.571] VirtualAlloc (lpAddress=0x12da4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12da4000 [0095.572] WriteFile (in: hFile=0x310, lpBuffer=0x1288a0f0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a0f0*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0095.572] WriteFile (in: hFile=0x310, lpBuffer=0x12d9e100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9e100*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0095.572] CloseHandle (hObject=0x310) returned 1 [0095.577] VirtualAlloc (lpAddress=0x12da8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12da8000 [0095.577] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\aiei3.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\aiei3.doc.crypted"), dwFlags=0x1) returned 1 [0095.578] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\aiei3.doc")) returned 0xffffffff [0095.578] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.598] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.620] SetEvent (hEvent=0x2b4) returned 1 [0095.620] VirtualFree (lpAddress=0x12ca0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.620] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.640] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.653] SetEvent (hEvent=0x20c) returned 1 [0095.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\5m1s6vhyy.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0cdfc40, ftCreationTime.dwHighDateTime=0x1d6ff0a, ftLastAccessTime.dwLowDateTime=0x69ab7950, ftLastAccessTime.dwHighDateTime=0x1d70363, ftLastWriteTime.dwLowDateTime=0x69ab7950, ftLastWriteTime.dwHighDateTime=0x1d70363, nFileSizeHigh=0x0, nFileSizeLow=0xfdbe)) returned 1 [0095.653] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\5m1s6vhyy.xlsx")) returned 0x20 [0095.653] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx", dwFileAttributes=0x20) returned 1 [0095.655] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\5m1s6vhyy.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.656] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0095.656] GetFileType (hFile=0x310) returned 0x1 [0095.656] GetFileType (hFile=0x310) returned 0x1 [0095.656] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.656] ReadFile (in: hFile=0x310, lpBuffer=0x128100ac, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x128100ac*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.656] SystemFunction036 (in: RandomBuffer=0x128162f8, RandomBufferLength=0x10 | out: RandomBuffer=0x128162f8) returned 1 [0095.656] SystemFunction036 (in: RandomBuffer=0x12816308, RandomBufferLength=0x10 | out: RandomBuffer=0x12816308) returned 1 [0095.656] VirtualAlloc (lpAddress=0x12d2a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d2a000 [0095.657] GetFileType (hFile=0x310) returned 0x1 [0095.657] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.657] ReadFile (in: hFile=0x310, lpBuffer=0x12d2a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12d2a000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.657] VirtualAlloc (lpAddress=0x12d2e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d2e000 [0095.658] GetFileType (hFile=0x310) returned 0x1 [0095.658] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.658] WriteFile (in: hFile=0x310, lpBuffer=0x12d2e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12d2e000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.658] GetFileType (hFile=0x310) returned 0x1 [0095.658] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.658] SystemFunction036 (in: RandomBuffer=0x12a7e301, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7e301) returned 1 [0095.658] VirtualAlloc (lpAddress=0x12d32000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d32000 [0095.659] WriteFile (in: hFile=0x310, lpBuffer=0x12810108*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12810108*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.659] WriteFile (in: hFile=0x310, lpBuffer=0x12a7e400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7e400*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.659] CloseHandle (hObject=0x310) returned 1 [0095.662] VirtualAlloc (lpAddress=0x12d36000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d36000 [0095.662] VirtualAlloc (lpAddress=0x12d38000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d38000 [0095.663] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\5m1s6vhyy.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\5m1s6vhyy.xlsx.crypted"), dwFlags=0x1) returned 1 [0095.663] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\5m1s6vhyy.xlsx")) returned 0xffffffff [0095.663] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.731] SetEvent (hEvent=0x2b4) returned 1 [0095.731] VirtualFree (lpAddress=0x12c98000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.731] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.814] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.827] SetEvent (hEvent=0x20c) returned 1 [0095.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\keqkxjmj_xvc8nkmc.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64206930, ftCreationTime.dwHighDateTime=0x1d6ff5f, ftLastAccessTime.dwLowDateTime=0xf7f2b3f0, ftLastAccessTime.dwHighDateTime=0x1d7044d, ftLastWriteTime.dwLowDateTime=0xf7f2b3f0, ftLastWriteTime.dwHighDateTime=0x1d7044d, nFileSizeHigh=0x0, nFileSizeLow=0x15783)) returned 1 [0095.827] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\keqkxjmj_xvc8nkmc.rtf")) returned 0x20 [0095.827] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf", dwFileAttributes=0x20) returned 1 [0095.828] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\keqkxjmj_xvc8nkmc.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.828] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.828] GetFileType (hFile=0x310) returned 0x1 [0095.828] GetFileType (hFile=0x310) returned 0x1 [0095.828] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.828] ReadFile (in: hFile=0x310, lpBuffer=0x1298e254, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e254*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.828] SystemFunction036 (in: RandomBuffer=0x12be49d8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be49d8) returned 1 [0095.828] SystemFunction036 (in: RandomBuffer=0x12be49e8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be49e8) returned 1 [0095.828] VirtualAlloc (lpAddress=0x12cda000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cda000 [0095.829] GetFileType (hFile=0x310) returned 0x1 [0095.829] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.829] ReadFile (in: hFile=0x310, lpBuffer=0x12cda000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12cda000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.829] VirtualAlloc (lpAddress=0x12cde000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cde000 [0095.830] GetFileType (hFile=0x310) returned 0x1 [0095.830] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.830] WriteFile (in: hFile=0x310, lpBuffer=0x12cde000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12cde000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.830] GetFileType (hFile=0x310) returned 0x1 [0095.830] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.830] SystemFunction036 (in: RandomBuffer=0x12b53201, RandomBufferLength=0x40 | out: RandomBuffer=0x12b53201) returned 1 [0095.830] VirtualAlloc (lpAddress=0x12ce2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ce2000 [0095.831] WriteFile (in: hFile=0x310, lpBuffer=0x1298e2b0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e2b0*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.845] WriteFile (in: hFile=0x310, lpBuffer=0x12b53300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12b53300*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.845] CloseHandle (hObject=0x310) returned 1 [0095.847] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\keqkxjmj_xvc8nkmc.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\keqkxjmj_xvc8nkmc.rtf.crypted"), dwFlags=0x1) returned 1 [0095.848] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\keqkxjmj_xvc8nkmc.rtf")) returned 0xffffffff [0095.848] SetEvent (hEvent=0x2b4) returned 1 [0095.848] VirtualFree (lpAddress=0x12c94000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.849] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\ve5svda4.ods"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b451000, ftCreationTime.dwHighDateTime=0x1d6fea5, ftLastAccessTime.dwLowDateTime=0x7e5160b0, ftLastAccessTime.dwHighDateTime=0x1d70348, ftLastWriteTime.dwLowDateTime=0x7e5160b0, ftLastWriteTime.dwHighDateTime=0x1d70348, nFileSizeHigh=0x0, nFileSizeLow=0x15d20)) returned 1 [0095.879] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\ve5svda4.ods")) returned 0x20 [0095.879] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods", dwFileAttributes=0x20) returned 1 [0095.879] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\ve5svda4.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0095.879] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0095.879] GetFileType (hFile=0x28c) returned 0x1 [0095.880] GetFileType (hFile=0x28c) returned 0x1 [0095.880] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.880] ReadFile (in: hFile=0x28c, lpBuffer=0x128102b4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x128102b4*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.880] SystemFunction036 (in: RandomBuffer=0x12816578, RandomBufferLength=0x10 | out: RandomBuffer=0x12816578) returned 1 [0095.880] SystemFunction036 (in: RandomBuffer=0x12816588, RandomBufferLength=0x10 | out: RandomBuffer=0x12816588) returned 1 [0095.880] VirtualAlloc (lpAddress=0x12d3a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d3a000 [0095.880] GetFileType (hFile=0x28c) returned 0x1 [0095.880] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.881] ReadFile (in: hFile=0x28c, lpBuffer=0x12d3a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12d3a000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.881] VirtualAlloc (lpAddress=0x12d3e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d3e000 [0095.881] GetFileType (hFile=0x28c) returned 0x1 [0095.881] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.881] WriteFile (in: hFile=0x28c, lpBuffer=0x12d3e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12d3e000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.885] GetFileType (hFile=0x28c) returned 0x1 [0095.885] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.885] ReadFile (in: hFile=0x28c, lpBuffer=0x12d3a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12d3a000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.885] VirtualAlloc (lpAddress=0x12d42000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d42000 [0095.886] GetFileType (hFile=0x28c) returned 0x1 [0095.886] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.886] WriteFile (in: hFile=0x28c, lpBuffer=0x12d42000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12d42000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.886] GetFileType (hFile=0x28c) returned 0x1 [0095.886] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.886] SystemFunction036 (in: RandomBuffer=0x12a7e601, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7e601) returned 1 [0095.887] WriteFile (in: hFile=0x28c, lpBuffer=0x12810310*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12810310*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.887] WriteFile (in: hFile=0x28c, lpBuffer=0x12a7e700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7e700*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.887] CloseHandle (hObject=0x28c) returned 1 [0095.891] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\ve5svda4.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\ve5svda4.ods.crypted"), dwFlags=0x1) returned 1 [0095.892] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\ve5svda4.ods")) returned 0xffffffff [0095.892] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.951] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\yrci4r1zneiiicm.ods"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x502b35d0, ftCreationTime.dwHighDateTime=0x1d703fc, ftLastAccessTime.dwLowDateTime=0xe0d80270, ftLastAccessTime.dwHighDateTime=0x1d7061d, ftLastWriteTime.dwLowDateTime=0xe0d80270, ftLastWriteTime.dwHighDateTime=0x1d7061d, nFileSizeHigh=0x0, nFileSizeLow=0x140d2)) returned 1 [0095.951] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\yrci4r1zneiiicm.ods")) returned 0x20 [0095.954] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods", dwFileAttributes=0x20) returned 1 [0095.954] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\yrci4r1zneiiicm.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0095.955] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0095.955] GetFileType (hFile=0x28c) returned 0x1 [0095.955] GetFileType (hFile=0x28c) returned 0x1 [0095.955] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.955] ReadFile (in: hFile=0x28c, lpBuffer=0x1288a334, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a334*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0095.955] SystemFunction036 (in: RandomBuffer=0x12d17338, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17338) returned 1 [0095.955] SystemFunction036 (in: RandomBuffer=0x12d17348, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17348) returned 1 [0095.955] VirtualAlloc (lpAddress=0x12dd4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dd4000 [0095.955] GetFileType (hFile=0x28c) returned 0x1 [0095.955] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.956] ReadFile (in: hFile=0x28c, lpBuffer=0x12dd4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12dd4000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.956] VirtualAlloc (lpAddress=0x12dd8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dd8000 [0095.956] GetFileType (hFile=0x28c) returned 0x1 [0095.957] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.957] WriteFile (in: hFile=0x28c, lpBuffer=0x12dd8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12dd8000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.957] GetFileType (hFile=0x28c) returned 0x1 [0095.957] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.957] ReadFile (in: hFile=0x28c, lpBuffer=0x12dd4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12dd4000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.957] VirtualAlloc (lpAddress=0x12ddc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ddc000 [0095.958] GetFileType (hFile=0x28c) returned 0x1 [0095.958] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.958] WriteFile (in: hFile=0x28c, lpBuffer=0x12ddc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12ddc000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.958] GetFileType (hFile=0x28c) returned 0x1 [0095.958] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.958] SystemFunction036 (in: RandomBuffer=0x12d9ef01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9ef01) returned 1 [0095.959] WriteFile (in: hFile=0x28c, lpBuffer=0x1288a390*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a390*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0095.959] WriteFile (in: hFile=0x28c, lpBuffer=0x12d9f000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9f000*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0095.959] CloseHandle (hObject=0x28c) returned 1 [0095.961] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\yrci4r1zneiiicm.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\yrci4r1zneiiicm.ods.crypted"), dwFlags=0x1) returned 1 [0095.962] VirtualAlloc (lpAddress=0x12de0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12de0000 [0095.962] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\yrci4r1zneiiicm.ods")) returned 0xffffffff [0095.962] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0095.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\jnoi1dead9fvdj5h8i.docx"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe94aad0, ftCreationTime.dwHighDateTime=0x1d6fdcf, ftLastAccessTime.dwLowDateTime=0x1fe03d70, ftLastAccessTime.dwHighDateTime=0x1d6fdd1, ftLastWriteTime.dwLowDateTime=0x1fe03d70, ftLastWriteTime.dwHighDateTime=0x1d6fdd1, nFileSizeHigh=0x0, nFileSizeLow=0x12c17)) returned 1 [0095.994] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\jnoi1dead9fvdj5h8i.docx")) returned 0x20 [0095.994] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx", dwFileAttributes=0x20) returned 1 [0095.994] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\jnoi1dead9fvdj5h8i.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0095.995] GetConsoleMode (in: hConsoleHandle=0x314, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.995] GetFileType (hFile=0x314) returned 0x1 [0095.995] GetFileType (hFile=0x314) returned 0x1 [0095.995] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.995] ReadFile (in: hFile=0x314, lpBuffer=0x1298e354, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e354*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.995] SystemFunction036 (in: RandomBuffer=0x12be4f78, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4f78) returned 1 [0095.995] SystemFunction036 (in: RandomBuffer=0x12be4f88, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4f88) returned 1 [0095.995] VirtualAlloc (lpAddress=0x12cf2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cf2000 [0095.996] GetFileType (hFile=0x314) returned 0x1 [0095.996] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.996] ReadFile (in: hFile=0x314, lpBuffer=0x12cf2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12cf2000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.996] VirtualAlloc (lpAddress=0x12cf6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cf6000 [0095.996] GetFileType (hFile=0x314) returned 0x1 [0095.997] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.997] WriteFile (in: hFile=0x314, lpBuffer=0x12cf6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12cf6000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.997] GetFileType (hFile=0x314) returned 0x1 [0095.997] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.997] SystemFunction036 (in: RandomBuffer=0x12cec101, RandomBufferLength=0x40 | out: RandomBuffer=0x12cec101) returned 1 [0095.997] WriteFile (in: hFile=0x314, lpBuffer=0x1298e3b0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e3b0*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.998] WriteFile (in: hFile=0x314, lpBuffer=0x12cec200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12cec200*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.998] CloseHandle (hObject=0x314) returned 1 [0096.004] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\jnoi1dead9fvdj5h8i.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\jnoi1dead9fvdj5h8i.docx.crypted"), dwFlags=0x1) returned 1 [0096.004] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\jnoi1dead9fvdj5h8i.docx")) returned 0xffffffff [0096.004] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3362fa04, ulCount=0x10, ulNumEntriesRemoved=0x3362f9ec, dwMilliseconds=0x17, fAlertable=0 | out: lpCompletionPortEntries=0x3362fa04, ulNumEntriesRemoved=0x3362f9ec) returned 0 [0096.052] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3362fa04, ulCount=0x10, ulNumEntriesRemoved=0x3362f9ec, dwMilliseconds=0x12, fAlertable=0 | out: lpCompletionPortEntries=0x3362fa04, ulNumEntriesRemoved=0x3362f9ec) returned 0 [0096.092] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3362fa04, ulCount=0x10, ulNumEntriesRemoved=0x3362f9ec, dwMilliseconds=0x34, fAlertable=0 | out: lpCompletionPortEntries=0x3362fa04, ulNumEntriesRemoved=0x3362f9ec) returned 0 [0096.171] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3362fa04, ulCount=0x10, ulNumEntriesRemoved=0x3362f9ec, dwMilliseconds=0x20, fAlertable=0 | out: lpCompletionPortEntries=0x3362fa04, ulNumEntriesRemoved=0x3362f9ec) returned 0 [0096.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures"), fInfoLevelId=0x0, lpFileInformation=0x12a6fc44 | out: lpFileInformation=0x12a6fc44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.219] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x308 [0096.219] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0x12a6fbd0 | out: lpFileInformation=0x12a6fbd0) returned 1 [0096.219] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0x12a6fbc8, dwBufferSize=0x8 | out: lpFileInformation=0x12a6fbc8) returned 1 [0096.219] CloseHandle (hObject=0x308) returned 1 [0096.219] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures")) returned 0x2416 [0096.219] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures", dwFileAttributes=0x2416) returned 1 [0096.219] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.219] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures\\*", lpFindFileData=0x12a6fb9c | out: lpFindFileData=0x12a6fb9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0096.220] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures")) returned 0x2416 [0096.220] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures", dwFileAttributes=0x2417) returned 1 [0096.220] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3362fa04, ulCount=0x10, ulNumEntriesRemoved=0x3362f9ec, dwMilliseconds=0x28, fAlertable=0 | out: lpCompletionPortEntries=0x3362fa04, ulNumEntriesRemoved=0x3362f9ec) returned 0 [0096.280] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.324] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.348] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.367] SetEvent (hEvent=0xfc) returned 1 [0096.367] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\inydqe6zqnu-cp.ppt"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x131081a0, ftCreationTime.dwHighDateTime=0x1d700d2, ftLastAccessTime.dwLowDateTime=0x18b86880, ftLastAccessTime.dwHighDateTime=0x1d70329, ftLastWriteTime.dwLowDateTime=0x18b86880, ftLastWriteTime.dwHighDateTime=0x1d70329, nFileSizeHigh=0x0, nFileSizeLow=0x1d05)) returned 1 [0096.367] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\inydqe6zqnu-cp.ppt")) returned 0x20 [0096.367] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt", dwFileAttributes=0x20) returned 1 [0096.368] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\inydqe6zqnu-cp.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0096.368] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0096.368] GetFileType (hFile=0x304) returned 0x1 [0096.371] GetFileType (hFile=0x304) returned 0x1 [0096.371] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.371] ReadFile (in: hFile=0x304, lpBuffer=0x128104e4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x128104e4*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0096.371] SystemFunction036 (in: RandomBuffer=0x128173d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128173d8) returned 1 [0096.371] SystemFunction036 (in: RandomBuffer=0x128173e8, RandomBufferLength=0x10 | out: RandomBuffer=0x128173e8) returned 1 [0096.371] VirtualAlloc (lpAddress=0x12d78000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d78000 [0096.372] GetFileType (hFile=0x304) returned 0x1 [0096.372] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.372] ReadFile (in: hFile=0x304, lpBuffer=0x12d78000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12d78000*, lpNumberOfBytesRead=0x12a1fe80*=0x1d05, lpOverlapped=0x0) returned 1 [0096.372] VirtualAlloc (lpAddress=0x12d7c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d7c000 [0096.372] GetFileType (hFile=0x304) returned 0x1 [0096.373] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.373] WriteFile (in: hFile=0x304, lpBuffer=0x12d7c000*, nNumberOfBytesToWrite=0x1d10, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12d7c000*, lpNumberOfBytesWritten=0x12a1fe78*=0x1d10, lpOverlapped=0x0) returned 1 [0096.373] GetFileType (hFile=0x304) returned 0x1 [0096.373] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.373] SystemFunction036 (in: RandomBuffer=0x12a7f801, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7f801) returned 1 [0096.373] VirtualAlloc (lpAddress=0x12d7e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d7e000 [0096.374] WriteFile (in: hFile=0x304, lpBuffer=0x12810540*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12810540*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0096.374] WriteFile (in: hFile=0x304, lpBuffer=0x12a7f900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7f900*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0096.374] CloseHandle (hObject=0x304) returned 1 [0096.375] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\inydqe6zqnu-cp.ppt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\inydqe6zqnu-cp.ppt.crypted"), dwFlags=0x1) returned 1 [0096.376] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\inydqe6zqnu-cp.ppt")) returned 0xffffffff [0096.376] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.422] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.459] VirtualFree (lpAddress=0x12c52000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtz7ukvplffq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6774ae90, ftCreationTime.dwHighDateTime=0x1d6dff5, ftLastAccessTime.dwLowDateTime=0xa51a2ed0, ftLastAccessTime.dwHighDateTime=0x1d70135, ftLastWriteTime.dwLowDateTime=0xa51a2ed0, ftLastWriteTime.dwHighDateTime=0x1d70135, nFileSizeHigh=0x0, nFileSizeLow=0x7676)) returned 1 [0096.459] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtz7ukvplffq.xlsx")) returned 0x20 [0096.459] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx", dwFileAttributes=0x20) returned 1 [0096.460] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtz7ukvplffq.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0096.460] GetConsoleMode (in: hConsoleHandle=0x224, lpMode=0x12833e88 | out: lpMode=0x12833e88) returned 0 [0096.460] GetFileType (hFile=0x224) returned 0x1 [0096.460] GetFileType (hFile=0x224) returned 0x1 [0096.460] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.460] ReadFile (in: hFile=0x224, lpBuffer=0x1298e4d4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12833d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e4d4*, lpNumberOfBytesRead=0x12833d14*=0x4, lpOverlapped=0x0) returned 1 [0096.460] SystemFunction036 (in: RandomBuffer=0x12be5518, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5518) returned 1 [0096.460] SystemFunction036 (in: RandomBuffer=0x12be5528, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5528) returned 1 [0096.460] GetFileType (hFile=0x224) returned 0x1 [0096.460] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0096.460] ReadFile (in: hFile=0x224, lpBuffer=0x129c0000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12833e80, lpOverlapped=0x0 | out: lpBuffer=0x129c0000*, lpNumberOfBytesRead=0x12833e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.461] GetFileType (hFile=0x224) returned 0x1 [0096.461] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0096.461] WriteFile (in: hFile=0x224, lpBuffer=0x129c6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12833e78, lpOverlapped=0x0 | out: lpBuffer=0x129c6000*, lpNumberOfBytesWritten=0x12833e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.461] GetFileType (hFile=0x224) returned 0x1 [0096.461] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0096.461] SystemFunction036 (in: RandomBuffer=0x12cecb01, RandomBufferLength=0x40 | out: RandomBuffer=0x12cecb01) returned 1 [0096.461] WriteFile (in: hFile=0x224, lpBuffer=0x1298e530*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e530*, lpNumberOfBytesWritten=0x12833d88*=0x4, lpOverlapped=0x0) returned 1 [0096.461] WriteFile (in: hFile=0x224, lpBuffer=0x12cecc00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x12cecc00*, lpNumberOfBytesWritten=0x12833d88*=0x100, lpOverlapped=0x0) returned 1 [0096.462] CloseHandle (hObject=0x224) returned 1 [0096.463] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtz7ukvplffq.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtz7ukvplffq.xlsx.crypted"), dwFlags=0x1) returned 1 [0096.467] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtz7ukvplffq.xlsx")) returned 0xffffffff [0096.467] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.506] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.547] SetEvent (hEvent=0x1b0) returned 1 [0096.547] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x12a6dc44 | out: lpFileInformation=0x12a6dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x207)) returned 1 [0096.605] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk")) returned 0x20 [0096.605] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk", dwFileAttributes=0x20) returned 1 [0096.606] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.606] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12a6de88 | out: lpMode=0x12a6de88) returned 0 [0096.606] GetFileType (hFile=0x308) returned 0x1 [0096.606] GetFileType (hFile=0x308) returned 0x1 [0096.606] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.606] ReadFile (in: hFile=0x308, lpBuffer=0x1298e670, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6dd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e670*, lpNumberOfBytesRead=0x12a6dd14*=0x4, lpOverlapped=0x0) returned 1 [0096.607] SystemFunction036 (in: RandomBuffer=0x12be5b08, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5b08) returned 1 [0096.607] SystemFunction036 (in: RandomBuffer=0x12be5b18, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5b18) returned 1 [0096.607] GetFileType (hFile=0x308) returned 0x1 [0096.607] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0x0) returned 1 [0096.607] ReadFile (in: hFile=0x308, lpBuffer=0x129ee000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6de80, lpOverlapped=0x0 | out: lpBuffer=0x129ee000*, lpNumberOfBytesRead=0x12a6de80*=0x207, lpOverlapped=0x0) returned 1 [0096.607] GetFileType (hFile=0x308) returned 0x1 [0096.607] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0x0) returned 1 [0096.607] WriteFile (in: hFile=0x308, lpBuffer=0x1299e240*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x12a6de78, lpOverlapped=0x0 | out: lpBuffer=0x1299e240*, lpNumberOfBytesWritten=0x12a6de78*=0x210, lpOverlapped=0x0) returned 1 [0096.607] GetFileType (hFile=0x308) returned 0x1 [0096.607] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0x0) returned 1 [0096.608] SystemFunction036 (in: RandomBuffer=0x12ced401, RandomBufferLength=0x40 | out: RandomBuffer=0x12ced401) returned 1 [0096.608] WriteFile (in: hFile=0x308, lpBuffer=0x1298e6cc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6dd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e6cc*, lpNumberOfBytesWritten=0x12a6dd88*=0x4, lpOverlapped=0x0) returned 1 [0096.608] WriteFile (in: hFile=0x308, lpBuffer=0x12ced500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6dd88, lpOverlapped=0x0 | out: lpBuffer=0x12ced500*, lpNumberOfBytesWritten=0x12a6dd88*=0x100, lpOverlapped=0x0) returned 1 [0096.624] CloseHandle (hObject=0x308) returned 1 [0096.625] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk.crypted"), dwFlags=0x1) returned 1 [0096.627] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk")) returned 0xffffffff [0096.627] SetEvent (hEvent=0x1b0) returned 1 [0096.627] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.654] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.672] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) returned 0x0 [0096.750] SetEvent (hEvent=0x1b0) returned 1 [0096.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\7vau_szvoe6qlbs72.mp3"), fInfoLevelId=0x0, lpFileInformation=0x129d5c44 | out: lpFileInformation=0x129d5c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d1c5510, ftCreationTime.dwHighDateTime=0x1d6fd7a, ftLastAccessTime.dwLowDateTime=0xf3899ec0, ftLastAccessTime.dwHighDateTime=0x1d6ffbe, ftLastWriteTime.dwLowDateTime=0xf3899ec0, ftLastWriteTime.dwHighDateTime=0x1d6ffbe, nFileSizeHigh=0x0, nFileSizeLow=0x169c8)) returned 1 [0096.750] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\7vau_szvoe6qlbs72.mp3")) returned 0x20 [0096.750] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3", dwFileAttributes=0x20) returned 1 [0096.751] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\7vau_szvoe6qlbs72.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0096.751] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0x129d5e88 | out: lpMode=0x129d5e88) returned 0 [0096.751] GetFileType (hFile=0x1c0) returned 0x1 [0096.751] GetFileType (hFile=0x1c0) returned 0x1 [0096.751] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.751] ReadFile (in: hFile=0x1c0, lpBuffer=0x1281062c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d5d14, lpOverlapped=0x0 | out: lpBuffer=0x1281062c*, lpNumberOfBytesRead=0x129d5d14*=0x4, lpOverlapped=0x0) returned 1 [0096.751] SystemFunction036 (in: RandomBuffer=0x12817838, RandomBufferLength=0x10 | out: RandomBuffer=0x12817838) returned 1 [0096.751] SystemFunction036 (in: RandomBuffer=0x12817848, RandomBufferLength=0x10 | out: RandomBuffer=0x12817848) returned 1 [0096.751] GetFileType (hFile=0x1c0) returned 0x1 [0096.751] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.751] ReadFile (in: hFile=0x1c0, lpBuffer=0x12b08000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d5e80, lpOverlapped=0x0 | out: lpBuffer=0x12b08000*, lpNumberOfBytesRead=0x129d5e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.752] GetFileType (hFile=0x1c0) returned 0x1 [0096.752] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.752] WriteFile (in: hFile=0x1c0, lpBuffer=0x12b18000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129d5e78, lpOverlapped=0x0 | out: lpBuffer=0x12b18000*, lpNumberOfBytesWritten=0x129d5e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.752] GetFileType (hFile=0x1c0) returned 0x1 [0096.752] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.752] SystemFunction036 (in: RandomBuffer=0x1295e001, RandomBufferLength=0x40 | out: RandomBuffer=0x1295e001) returned 1 [0096.752] WriteFile (in: hFile=0x1c0, lpBuffer=0x12810688*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x12810688*, lpNumberOfBytesWritten=0x129d5d88*=0x4, lpOverlapped=0x0) returned 1 [0096.752] WriteFile (in: hFile=0x1c0, lpBuffer=0x1295e100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x1295e100*, lpNumberOfBytesWritten=0x129d5d88*=0x100, lpOverlapped=0x0) returned 1 [0096.753] CloseHandle (hObject=0x1c0) returned 1 [0096.756] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\7vau_szvoe6qlbs72.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\7vau_szvoe6qlbs72.mp3.crypted"), dwFlags=0x1) returned 1 [0096.756] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\7VAU_SZVOE6QLBs72.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\7vau_szvoe6qlbs72.mp3")) returned 0xffffffff [0096.756] SetEvent (hEvent=0x218) returned 1 [0096.756] VirtualFree (lpAddress=0x12c44000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.757] WaitForSingleObject (hHandle=0x200, dwMilliseconds=0xffffffff) Thread: id = 21 os_tid = 0x104c [0094.013] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3376ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3376ff28*=0x1d8) returned 1 [0094.013] VirtualQuery (in: lpAddress=0x3376ff38, lpBuffer=0x3376ff38, dwLength=0x1c | out: lpBuffer=0x3376ff38*(BaseAddress=0x3376f000, AllocationBase=0x33670000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.013] SetEvent (hEvent=0x118) returned 1 [0094.013] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1dc [0094.013] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e0 [0094.013] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0094.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zaulezoulrlvbjju.m4a"), fInfoLevelId=0x0, lpFileInformation=0x129d1c44 | out: lpFileInformation=0x129d1c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13db63c0, ftCreationTime.dwHighDateTime=0x1d703e8, ftLastAccessTime.dwLowDateTime=0xeaa0ce10, ftLastAccessTime.dwHighDateTime=0x1d706c5, ftLastWriteTime.dwLowDateTime=0xeaa0ce10, ftLastWriteTime.dwHighDateTime=0x1d706c5, nFileSizeHigh=0x0, nFileSizeLow=0x583d)) returned 1 [0094.036] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zaulezoulrlvbjju.m4a")) returned 0x20 [0094.036] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a", dwFileAttributes=0x20) returned 1 [0094.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zaulezoulrlvbjju.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0094.038] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0x129d1e88 | out: lpMode=0x129d1e88) returned 0 [0094.038] GetFileType (hFile=0x1e8) returned 0x1 [0094.039] GetFileType (hFile=0x1e8) returned 0x1 [0094.039] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.039] ReadFile (in: hFile=0x1e8, lpBuffer=0x1288b2fc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d1d14, lpOverlapped=0x0 | out: lpBuffer=0x1288b2fc*, lpNumberOfBytesRead=0x129d1d14*=0x4, lpOverlapped=0x0) returned 1 [0094.039] SystemFunction036 (in: RandomBuffer=0x128ccc58, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccc58) returned 1 [0094.039] SystemFunction036 (in: RandomBuffer=0x128ccc68, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccc68) returned 1 [0094.039] VirtualAlloc (lpAddress=0x12b00000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b00000 [0094.039] GetFileType (hFile=0x1e8) returned 0x1 [0094.039] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0x0) returned 1 [0094.039] ReadFile (in: hFile=0x1e8, lpBuffer=0x12b00000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d1e80, lpOverlapped=0x0 | out: lpBuffer=0x12b00000*, lpNumberOfBytesRead=0x129d1e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.040] VirtualAlloc (lpAddress=0x12b04000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b04000 [0094.040] GetFileType (hFile=0x1e8) returned 0x1 [0094.040] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0x0) returned 1 [0094.040] WriteFile (in: hFile=0x1e8, lpBuffer=0x12b04000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129d1e78, lpOverlapped=0x0 | out: lpBuffer=0x12b04000*, lpNumberOfBytesWritten=0x129d1e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.040] GetFileType (hFile=0x1e8) returned 0x1 [0094.040] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0x0) returned 1 [0094.040] SystemFunction036 (in: RandomBuffer=0x128dec01, RandomBufferLength=0x40 | out: RandomBuffer=0x128dec01) returned 1 [0094.041] VirtualAlloc (lpAddress=0x12b08000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b08000 [0094.041] WriteFile (in: hFile=0x1e8, lpBuffer=0x1288b358*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d1d88, lpOverlapped=0x0 | out: lpBuffer=0x1288b358*, lpNumberOfBytesWritten=0x129d1d88*=0x4, lpOverlapped=0x0) returned 1 [0094.041] WriteFile (in: hFile=0x1e8, lpBuffer=0x128ded00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d1d88, lpOverlapped=0x0 | out: lpBuffer=0x128ded00*, lpNumberOfBytesWritten=0x129d1d88*=0x100, lpOverlapped=0x0) returned 1 [0094.041] CloseHandle (hObject=0x1e8) returned 1 [0094.085] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0094.139] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zaulezoulrlvbjju.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zaulezoulrlvbjju.m4a.crypted"), dwFlags=0x1) returned 1 [0094.977] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZaUlEzOulRLVBjJU.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zaulezoulrlvbjju.m4a")) returned 0xffffffff [0095.017] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0095.049] SetEvent (hEvent=0x1ec) returned 1 [0095.049] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0095.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qv2oi zbbrmaht8w.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12a4fc44 | out: lpFileInformation=0x12a4fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0d8e650, ftCreationTime.dwHighDateTime=0x1d709c0, ftLastAccessTime.dwLowDateTime=0xb82c4e80, ftLastAccessTime.dwHighDateTime=0x1d70a28, ftLastWriteTime.dwLowDateTime=0xb82c4e80, ftLastWriteTime.dwHighDateTime=0x1d70a28, nFileSizeHigh=0x0, nFileSizeLow=0x168cf)) returned 1 [0095.069] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qv2oi zbbrmaht8w.mkv")) returned 0x20 [0095.069] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv", dwFileAttributes=0x20) returned 1 [0095.069] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qv2oi zbbrmaht8w.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0095.069] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0x12a4fe88 | out: lpMode=0x12a4fe88) returned 0 [0095.069] GetFileType (hFile=0x23c) returned 0x1 [0095.069] GetFileType (hFile=0x23c) returned 0x1 [0095.069] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.069] ReadFile (in: hFile=0x23c, lpBuffer=0x1288b660, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4fd14, lpOverlapped=0x0 | out: lpBuffer=0x1288b660*, lpNumberOfBytesRead=0x12a4fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.069] SystemFunction036 (in: RandomBuffer=0x128cdab8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdab8) returned 1 [0095.069] SystemFunction036 (in: RandomBuffer=0x128cdac8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdac8) returned 1 [0095.069] VirtualAlloc (lpAddress=0x12b60000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b60000 [0095.070] GetFileType (hFile=0x23c) returned 0x1 [0095.070] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.070] ReadFile (in: hFile=0x23c, lpBuffer=0x12b60000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4fe80, lpOverlapped=0x0 | out: lpBuffer=0x12b60000*, lpNumberOfBytesRead=0x12a4fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.070] VirtualAlloc (lpAddress=0x12b64000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b64000 [0095.074] GetFileType (hFile=0x23c) returned 0x1 [0095.074] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.074] WriteFile (in: hFile=0x23c, lpBuffer=0x12b64000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4fe78, lpOverlapped=0x0 | out: lpBuffer=0x12b64000*, lpNumberOfBytesWritten=0x12a4fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.074] GetFileType (hFile=0x23c) returned 0x1 [0095.074] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.074] SystemFunction036 (in: RandomBuffer=0x12b52b01, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52b01) returned 1 [0095.075] WriteFile (in: hFile=0x23c, lpBuffer=0x1288b6bc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4fd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b6bc*, lpNumberOfBytesWritten=0x12a4fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.075] WriteFile (in: hFile=0x23c, lpBuffer=0x12b52c00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4fd88, lpOverlapped=0x0 | out: lpBuffer=0x12b52c00*, lpNumberOfBytesWritten=0x12a4fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.075] CloseHandle (hObject=0x23c) returned 1 [0095.083] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0095.109] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qv2oi zbbrmaht8w.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qv2oi zbbrmaht8w.mkv.crypted"), dwFlags=0x1) returned 1 [0096.920] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qV2oI ZBBRMAHt8w.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qv2oi zbbrmaht8w.mkv")) returned 0xffffffff [0096.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\nivzqlf49.wav"), fInfoLevelId=0x0, lpFileInformation=0x12a4fc44 | out: lpFileInformation=0x12a4fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba8a5660, ftCreationTime.dwHighDateTime=0x1d6fe2d, ftLastAccessTime.dwLowDateTime=0x716ceab0, ftLastAccessTime.dwHighDateTime=0x1d6ffc2, ftLastWriteTime.dwLowDateTime=0x716ceab0, ftLastWriteTime.dwHighDateTime=0x1d6ffc2, nFileSizeHigh=0x0, nFileSizeLow=0x10b54)) returned 1 [0096.990] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\nivzqlf49.wav")) returned 0x20 [0096.990] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav", dwFileAttributes=0x20) returned 1 [0096.990] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\nivzqlf49.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0096.990] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0x12a4fe88 | out: lpMode=0x12a4fe88) returned 0 [0096.990] GetFileType (hFile=0x2f4) returned 0x1 [0096.990] GetFileType (hFile=0x2f4) returned 0x1 [0096.990] SetFilePointerEx (in: hFile=0x2f4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.991] ReadFile (in: hFile=0x2f4, lpBuffer=0x12900514, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4fd14, lpOverlapped=0x0 | out: lpBuffer=0x12900514*, lpNumberOfBytesRead=0x12a4fd14*=0x4, lpOverlapped=0x0) returned 1 [0096.991] SystemFunction036 (in: RandomBuffer=0x12c91bf8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91bf8) returned 1 [0096.993] SystemFunction036 (in: RandomBuffer=0x12c91c08, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91c08) returned 1 [0096.993] GetFileType (hFile=0x2f4) returned 0x1 [0096.994] SetFilePointerEx (in: hFile=0x2f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.994] ReadFile (in: hFile=0x2f4, lpBuffer=0x12aba000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4fe80, lpOverlapped=0x0 | out: lpBuffer=0x12aba000*, lpNumberOfBytesRead=0x12a4fe80*=0x4000, lpOverlapped=0x0) returned 1 [0096.994] GetFileType (hFile=0x2f4) returned 0x1 [0096.994] SetFilePointerEx (in: hFile=0x2f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.994] WriteFile (in: hFile=0x2f4, lpBuffer=0x12ac2000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4fe78, lpOverlapped=0x0 | out: lpBuffer=0x12ac2000*, lpNumberOfBytesWritten=0x12a4fe78*=0x4000, lpOverlapped=0x0) returned 1 [0096.994] GetFileType (hFile=0x2f4) returned 0x1 [0096.994] SetFilePointerEx (in: hFile=0x2f4, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.994] ReadFile (in: hFile=0x2f4, lpBuffer=0x12aba000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4fe80, lpOverlapped=0x0 | out: lpBuffer=0x12aba000*, lpNumberOfBytesRead=0x12a4fe80*=0xb54, lpOverlapped=0x0) returned 1 [0096.994] GetFileType (hFile=0x2f4) returned 0x1 [0096.994] SetFilePointerEx (in: hFile=0x2f4, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x12ac6000*, nNumberOfBytesToWrite=0xb60, lpNumberOfBytesWritten=0x12a4fe78, lpOverlapped=0x0 | out: lpBuffer=0x12ac6000*, lpNumberOfBytesWritten=0x12a4fe78*=0xb60, lpOverlapped=0x0) returned 1 [0096.995] GetFileType (hFile=0x2f4) returned 0x1 [0096.995] SetFilePointerEx (in: hFile=0x2f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.995] SystemFunction036 (in: RandomBuffer=0x12aa2701, RandomBufferLength=0x40 | out: RandomBuffer=0x12aa2701) returned 1 [0096.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x12900570*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900570*, lpNumberOfBytesWritten=0x12a4fd88*=0x4, lpOverlapped=0x0) returned 1 [0096.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x12aa2800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4fd88, lpOverlapped=0x0 | out: lpBuffer=0x12aa2800*, lpNumberOfBytesWritten=0x12a4fd88*=0x100, lpOverlapped=0x0) returned 1 [0096.995] CloseHandle (hObject=0x2f4) returned 1 [0096.997] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\nivzqlf49.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\nivzqlf49.wav.crypted"), dwFlags=0x1) returned 1 [0096.998] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\nIVzqLF49.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\nivzqlf49.wav")) returned 0xffffffff [0096.998] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0097.035] SetEvent (hEvent=0x218) returned 1 [0097.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\lk6mwym4ejdzhivbitzc.wav"), fInfoLevelId=0x0, lpFileInformation=0x12865c44 | out: lpFileInformation=0x12865c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67974a50, ftCreationTime.dwHighDateTime=0x1d6fb97, ftLastAccessTime.dwLowDateTime=0x8c671280, ftLastAccessTime.dwHighDateTime=0x1d70875, ftLastWriteTime.dwLowDateTime=0x8c671280, ftLastWriteTime.dwHighDateTime=0x1d70875, nFileSizeHigh=0x0, nFileSizeLow=0x12fa6)) returned 1 [0097.036] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\lk6mwym4ejdzhivbitzc.wav")) returned 0x20 [0097.036] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav", dwFileAttributes=0x20) returned 1 [0097.036] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\lk6mwym4ejdzhivbitzc.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0097.036] GetConsoleMode (in: hConsoleHandle=0x2f8, lpMode=0x12865e88 | out: lpMode=0x12865e88) returned 0 [0097.036] GetFileType (hFile=0x2f8) returned 0x1 [0097.036] GetFileType (hFile=0x2f8) returned 0x1 [0097.036] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.037] ReadFile (in: hFile=0x2f8, lpBuffer=0x12810764, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12865d14, lpOverlapped=0x0 | out: lpBuffer=0x12810764*, lpNumberOfBytesRead=0x12865d14*=0x4, lpOverlapped=0x0) returned 1 [0097.037] SystemFunction036 (in: RandomBuffer=0x12817f18, RandomBufferLength=0x10 | out: RandomBuffer=0x12817f18) returned 1 [0097.037] SystemFunction036 (in: RandomBuffer=0x12817f28, RandomBufferLength=0x10 | out: RandomBuffer=0x12817f28) returned 1 [0097.037] GetFileType (hFile=0x2f8) returned 0x1 [0097.037] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0097.037] ReadFile (in: hFile=0x2f8, lpBuffer=0x12b80000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12865e80, lpOverlapped=0x0 | out: lpBuffer=0x12b80000*, lpNumberOfBytesRead=0x12865e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.037] GetFileType (hFile=0x2f8) returned 0x1 [0097.037] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0097.037] WriteFile (in: hFile=0x2f8, lpBuffer=0x12b84000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12865e78, lpOverlapped=0x0 | out: lpBuffer=0x12b84000*, lpNumberOfBytesWritten=0x12865e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.037] GetFileType (hFile=0x2f8) returned 0x1 [0097.037] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0097.038] ReadFile (in: hFile=0x2f8, lpBuffer=0x12b80000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12865e80, lpOverlapped=0x0 | out: lpBuffer=0x12b80000*, lpNumberOfBytesRead=0x12865e80*=0x2fa6, lpOverlapped=0x0) returned 1 [0097.038] GetFileType (hFile=0x2f8) returned 0x1 [0097.038] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0097.038] WriteFile (in: hFile=0x2f8, lpBuffer=0x12b88000*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0x12865e78, lpOverlapped=0x0 | out: lpBuffer=0x12b88000*, lpNumberOfBytesWritten=0x12865e78*=0x2fb0, lpOverlapped=0x0) returned 1 [0097.038] GetFileType (hFile=0x2f8) returned 0x1 [0097.038] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0097.038] SystemFunction036 (in: RandomBuffer=0x1295eb01, RandomBufferLength=0x40 | out: RandomBuffer=0x1295eb01) returned 1 [0097.038] WriteFile (in: hFile=0x2f8, lpBuffer=0x128107c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x128107c0*, lpNumberOfBytesWritten=0x12865d88*=0x4, lpOverlapped=0x0) returned 1 [0097.039] WriteFile (in: hFile=0x2f8, lpBuffer=0x1295ec00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x1295ec00*, lpNumberOfBytesWritten=0x12865d88*=0x100, lpOverlapped=0x0) returned 1 [0097.042] CloseHandle (hObject=0x2f8) returned 1 [0097.045] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\lk6mwym4ejdzhivbitzc.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\lk6mwym4ejdzhivbitzc.wav.crypted"), dwFlags=0x1) returned 1 [0097.046] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\lk6mWym4EJDZhiVbitZc.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\lk6mwym4ejdzhivbitzc.wav")) returned 0xffffffff [0097.046] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) Thread: id = 22 os_tid = 0x580 [0094.082] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x338aff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x338aff28*=0x1e8) returned 1 [0094.083] VirtualQuery (in: lpAddress=0x338aff38, lpBuffer=0x338aff38, dwLength=0x1c | out: lpBuffer=0x338aff38*(BaseAddress=0x338af000, AllocationBase=0x337b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.083] SetEvent (hEvent=0xfc) returned 1 [0094.083] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1ec [0094.083] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f0 [0094.083] WaitForSingleObject (hHandle=0x1ec, dwMilliseconds=0xffffffff) returned 0x0 [0094.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_wsi2qzy.swf"), fInfoLevelId=0x0, lpFileInformation=0x12a25c44 | out: lpFileInformation=0x12a25c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11a51130, ftCreationTime.dwHighDateTime=0x1d70769, ftLastAccessTime.dwLowDateTime=0xfd30e50, ftLastAccessTime.dwHighDateTime=0x1d7077f, ftLastWriteTime.dwLowDateTime=0xfd30e50, ftLastWriteTime.dwHighDateTime=0x1d7077f, nFileSizeHigh=0x0, nFileSizeLow=0x1241f)) returned 1 [0094.115] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_wsi2qzy.swf")) returned 0x20 [0094.115] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf", dwFileAttributes=0x20) returned 1 [0094.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_wsi2qzy.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0094.115] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0x12a25e88 | out: lpMode=0x12a25e88) returned 0 [0094.115] GetFileType (hFile=0x214) returned 0x1 [0094.115] GetFileType (hFile=0x214) returned 0x1 [0094.115] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.115] ReadFile (in: hFile=0x214, lpBuffer=0x128103ac, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a25d14, lpOverlapped=0x0 | out: lpBuffer=0x128103ac*, lpNumberOfBytesRead=0x12a25d14*=0x4, lpOverlapped=0x0) returned 1 [0094.115] SystemFunction036 (in: RandomBuffer=0x12816708, RandomBufferLength=0x10 | out: RandomBuffer=0x12816708) returned 1 [0094.115] SystemFunction036 (in: RandomBuffer=0x12816718, RandomBufferLength=0x10 | out: RandomBuffer=0x12816718) returned 1 [0094.116] VirtualAlloc (lpAddress=0x12a26000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a26000 [0094.119] GetFileType (hFile=0x214) returned 0x1 [0094.119] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0094.119] ReadFile (in: hFile=0x214, lpBuffer=0x12a26000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a25e80, lpOverlapped=0x0 | out: lpBuffer=0x12a26000*, lpNumberOfBytesRead=0x12a25e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.119] VirtualAlloc (lpAddress=0x12a2a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a2a000 [0094.120] GetFileType (hFile=0x214) returned 0x1 [0094.120] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0094.120] WriteFile (in: hFile=0x214, lpBuffer=0x12a2a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a25e78, lpOverlapped=0x0 | out: lpBuffer=0x12a2a000*, lpNumberOfBytesWritten=0x12a25e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.120] GetFileType (hFile=0x214) returned 0x1 [0094.120] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0094.120] SystemFunction036 (in: RandomBuffer=0x1287e701, RandomBufferLength=0x40 | out: RandomBuffer=0x1287e701) returned 1 [0094.121] WriteFile (in: hFile=0x214, lpBuffer=0x12810408*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a25d88, lpOverlapped=0x0 | out: lpBuffer=0x12810408*, lpNumberOfBytesWritten=0x12a25d88*=0x4, lpOverlapped=0x0) returned 1 [0094.121] WriteFile (in: hFile=0x214, lpBuffer=0x1287e800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a25d88, lpOverlapped=0x0 | out: lpBuffer=0x1287e800*, lpNumberOfBytesWritten=0x12a25d88*=0x100, lpOverlapped=0x0) returned 1 [0094.121] CloseHandle (hObject=0x214) returned 1 [0094.140] WaitForSingleObject (hHandle=0x1ec, dwMilliseconds=0xffffffff) returned 0x0 [0094.151] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_wsi2qzy.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_wsi2qzy.swf.crypted"), dwFlags=0x1) returned 1 [0095.016] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\_wsI2QZy.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\_wsi2qzy.swf")) returned 0xffffffff [0095.036] WaitForSingleObject (hHandle=0x1ec, dwMilliseconds=0xffffffff) returned 0x0 [0095.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qb_cobqm-nnuxfthqk.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12a25c44 | out: lpFileInformation=0x12a25c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48fae460, ftCreationTime.dwHighDateTime=0x1d7063e, ftLastAccessTime.dwLowDateTime=0xb38f4b90, ftLastAccessTime.dwHighDateTime=0x1d709cc, ftLastWriteTime.dwLowDateTime=0xb38f4b90, ftLastWriteTime.dwHighDateTime=0x1d709cc, nFileSizeHigh=0x0, nFileSizeLow=0x9ef4)) returned 1 [0095.062] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qb_cobqm-nnuxfthqk.mp3")) returned 0x20 [0095.062] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3", dwFileAttributes=0x20) returned 1 [0095.062] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qb_cobqm-nnuxfthqk.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0095.062] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0x12a25e88 | out: lpMode=0x12a25e88) returned 0 [0095.062] GetFileType (hFile=0x23c) returned 0x1 [0095.062] GetFileType (hFile=0x23c) returned 0x1 [0095.062] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.063] ReadFile (in: hFile=0x23c, lpBuffer=0x128107f8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a25d14, lpOverlapped=0x0 | out: lpBuffer=0x128107f8*, lpNumberOfBytesRead=0x12a25d14*=0x4, lpOverlapped=0x0) returned 1 [0095.063] SystemFunction036 (in: RandomBuffer=0x12817798, RandomBufferLength=0x10 | out: RandomBuffer=0x12817798) returned 1 [0095.063] SystemFunction036 (in: RandomBuffer=0x128177a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128177a8) returned 1 [0095.063] VirtualAlloc (lpAddress=0x12c2e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c2e000 [0095.063] VirtualAlloc (lpAddress=0x12c32000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c32000 [0095.064] GetFileType (hFile=0x23c) returned 0x1 [0095.064] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0095.064] ReadFile (in: hFile=0x23c, lpBuffer=0x12c2e000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a25e80, lpOverlapped=0x0 | out: lpBuffer=0x12c2e000*, lpNumberOfBytesRead=0x12a25e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.064] VirtualAlloc (lpAddress=0x12c34000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c34000 [0095.065] GetFileType (hFile=0x23c) returned 0x1 [0095.065] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0095.065] WriteFile (in: hFile=0x23c, lpBuffer=0x12c34000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a25e78, lpOverlapped=0x0 | out: lpBuffer=0x12c34000*, lpNumberOfBytesWritten=0x12a25e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.065] GetFileType (hFile=0x23c) returned 0x1 [0095.065] SetFilePointerEx (in: hFile=0x23c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0095.065] SystemFunction036 (in: RandomBuffer=0x12a7eb01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7eb01) returned 1 [0095.065] VirtualAlloc (lpAddress=0x12c38000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c38000 [0095.066] VirtualAlloc (lpAddress=0x12c3a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c3a000 [0095.066] VirtualAlloc (lpAddress=0x12c3c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c3c000 [0095.066] WriteFile (in: hFile=0x23c, lpBuffer=0x12810854*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a25d88, lpOverlapped=0x0 | out: lpBuffer=0x12810854*, lpNumberOfBytesWritten=0x12a25d88*=0x4, lpOverlapped=0x0) returned 1 [0095.067] WriteFile (in: hFile=0x23c, lpBuffer=0x12a7ec00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a25d88, lpOverlapped=0x0 | out: lpBuffer=0x12a7ec00*, lpNumberOfBytesWritten=0x12a25d88*=0x100, lpOverlapped=0x0) returned 1 [0095.067] CloseHandle (hObject=0x23c) returned 1 [0095.083] WaitForSingleObject (hHandle=0x1ec, dwMilliseconds=0xffffffff) returned 0x0 [0095.097] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qb_cobqm-nnuxfthqk.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qb_cobqm-nnuxfthqk.mp3.crypted"), dwFlags=0x1) returned 1 [0096.880] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\qb_CobqM-NNuxFtHqK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\qb_cobqm-nnuxfthqk.mp3")) returned 0xffffffff [0096.920] SetEvent (hEvent=0x298) returned 1 [0096.920] VirtualFree (lpAddress=0x12c3e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\dh60-76fnbzrdz2.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12a25c44 | out: lpFileInformation=0x12a25c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7967def0, ftCreationTime.dwHighDateTime=0x1d6ffcc, ftLastAccessTime.dwLowDateTime=0x86783670, ftLastAccessTime.dwHighDateTime=0x1d70a22, ftLastWriteTime.dwLowDateTime=0x86783670, ftLastWriteTime.dwHighDateTime=0x1d70a22, nFileSizeHigh=0x0, nFileSizeLow=0x13836)) returned 1 [0096.922] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\dh60-76fnbzrdz2.m4a")) returned 0x20 [0096.922] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a", dwFileAttributes=0x20) returned 1 [0096.922] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\dh60-76fnbzrdz2.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0096.922] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0x12a25e88 | out: lpMode=0x12a25e88) returned 0 [0096.923] GetFileType (hFile=0x2d8) returned 0x1 [0096.923] GetFileType (hFile=0x2d8) returned 0x1 [0096.923] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.923] ReadFile (in: hFile=0x2d8, lpBuffer=0x1290047c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a25d14, lpOverlapped=0x0 | out: lpBuffer=0x1290047c*, lpNumberOfBytesRead=0x12a25d14*=0x4, lpOverlapped=0x0) returned 1 [0096.923] SystemFunction036 (in: RandomBuffer=0x12c91838, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91838) returned 1 [0096.923] SystemFunction036 (in: RandomBuffer=0x12c91848, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91848) returned 1 [0096.923] GetFileType (hFile=0x2d8) returned 0x1 [0096.923] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0096.923] ReadFile (in: hFile=0x2d8, lpBuffer=0x12ab2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a25e80, lpOverlapped=0x0 | out: lpBuffer=0x12ab2000*, lpNumberOfBytesRead=0x12a25e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.923] GetFileType (hFile=0x2d8) returned 0x1 [0096.923] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0096.923] WriteFile (in: hFile=0x2d8, lpBuffer=0x12ab6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a25e78, lpOverlapped=0x0 | out: lpBuffer=0x12ab6000*, lpNumberOfBytesWritten=0x12a25e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.924] GetFileType (hFile=0x2d8) returned 0x1 [0096.924] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a25e9c | out: lpNewFilePointer=0x0) returned 1 [0096.924] SystemFunction036 (in: RandomBuffer=0x12aa2401, RandomBufferLength=0x40 | out: RandomBuffer=0x12aa2401) returned 1 [0096.953] WriteFile (in: hFile=0x2d8, lpBuffer=0x129004d8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a25d88, lpOverlapped=0x0 | out: lpBuffer=0x129004d8*, lpNumberOfBytesWritten=0x12a25d88*=0x4, lpOverlapped=0x0) returned 1 [0096.953] WriteFile (in: hFile=0x2d8, lpBuffer=0x12aa2500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a25d88, lpOverlapped=0x0 | out: lpBuffer=0x12aa2500*, lpNumberOfBytesWritten=0x12a25d88*=0x100, lpOverlapped=0x0) returned 1 [0096.953] CloseHandle (hObject=0x2d8) returned 1 [0096.956] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\dh60-76fnbzrdz2.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\dh60-76fnbzrdz2.m4a.crypted"), dwFlags=0x1) returned 1 [0096.957] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\dH60-76fNbZrdz2.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\dh60-76fnbzrdz2.m4a")) returned 0xffffffff [0096.957] WaitForSingleObject (hHandle=0x1ec, dwMilliseconds=0xffffffff) Thread: id = 23 os_tid = 0x8c4 [0094.099] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x339eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x339eff28*=0x1f4) returned 1 [0094.099] VirtualQuery (in: lpAddress=0x339eff38, lpBuffer=0x339eff38, dwLength=0x1c | out: lpBuffer=0x339eff38*(BaseAddress=0x339ef000, AllocationBase=0x338f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.099] SetEvent (hEvent=0x118) returned 1 [0094.099] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f8 [0094.099] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1fc [0094.099] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0094.112] VirtualAlloc (lpAddress=0x12a1e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a1e000 [0094.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a95scctoogbt.ods"), fInfoLevelId=0x0, lpFileInformation=0x12a23c44 | out: lpFileInformation=0x12a23c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79708280, ftCreationTime.dwHighDateTime=0x1d70a35, ftLastAccessTime.dwLowDateTime=0xf61c4f50, ftLastAccessTime.dwHighDateTime=0x1d70a79, ftLastWriteTime.dwLowDateTime=0xf61c4f50, ftLastWriteTime.dwHighDateTime=0x1d70a79, nFileSizeHigh=0x0, nFileSizeLow=0x12ddf)) returned 1 [0094.113] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a95scctoogbt.ods")) returned 0x20 [0094.113] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods", dwFileAttributes=0x20) returned 1 [0094.113] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a95scctoogbt.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0094.113] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0x12a23e88 | out: lpMode=0x12a23e88) returned 0 [0094.128] GetFileType (hFile=0x204) returned 0x1 [0094.128] GetFileType (hFile=0x204) returned 0x1 [0094.128] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.128] ReadFile (in: hFile=0x204, lpBuffer=0x12810410, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a23d14, lpOverlapped=0x0 | out: lpBuffer=0x12810410*, lpNumberOfBytesRead=0x12a23d14*=0x4, lpOverlapped=0x0) returned 1 [0094.128] SystemFunction036 (in: RandomBuffer=0x12816848, RandomBufferLength=0x10 | out: RandomBuffer=0x12816848) returned 1 [0094.128] SystemFunction036 (in: RandomBuffer=0x12816858, RandomBufferLength=0x10 | out: RandomBuffer=0x12816858) returned 1 [0094.128] VirtualAlloc (lpAddress=0x12a2e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a2e000 [0094.129] GetFileType (hFile=0x204) returned 0x1 [0094.129] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0094.129] ReadFile (in: hFile=0x204, lpBuffer=0x12a2e000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a23e80, lpOverlapped=0x0 | out: lpBuffer=0x12a2e000*, lpNumberOfBytesRead=0x12a23e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.129] VirtualAlloc (lpAddress=0x12a32000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a32000 [0094.130] GetFileType (hFile=0x204) returned 0x1 [0094.130] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0094.130] WriteFile (in: hFile=0x204, lpBuffer=0x12a32000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a23e78, lpOverlapped=0x0 | out: lpBuffer=0x12a32000*, lpNumberOfBytesWritten=0x12a23e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.130] GetFileType (hFile=0x204) returned 0x1 [0094.130] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0094.130] SystemFunction036 (in: RandomBuffer=0x1287ea01, RandomBufferLength=0x40 | out: RandomBuffer=0x1287ea01) returned 1 [0094.130] VirtualAlloc (lpAddress=0x12a36000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a36000 [0094.131] WriteFile (in: hFile=0x204, lpBuffer=0x1281046c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x1281046c*, lpNumberOfBytesWritten=0x12a23d88*=0x4, lpOverlapped=0x0) returned 1 [0094.131] WriteFile (in: hFile=0x204, lpBuffer=0x1287eb00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x1287eb00*, lpNumberOfBytesWritten=0x12a23d88*=0x100, lpOverlapped=0x0) returned 1 [0094.131] CloseHandle (hObject=0x204) returned 1 [0094.175] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a95scctoogbt.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a95scctoogbt.ods.crypted"), dwFlags=0x1) returned 1 [0095.035] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a95sccTOOgBT.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a95scctoogbt.ods")) returned 0xffffffff [0095.078] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0095.083] SetEvent (hEvent=0xfc) returned 1 [0095.083] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0095.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0kerh4zo.rtf"), fInfoLevelId=0x0, lpFileInformation=0x1285fc44 | out: lpFileInformation=0x1285fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42d4d350, ftCreationTime.dwHighDateTime=0x1d709ba, ftLastAccessTime.dwLowDateTime=0x5b1878a0, ftLastAccessTime.dwHighDateTime=0x1d70a54, ftLastWriteTime.dwLowDateTime=0x5b1878a0, ftLastWriteTime.dwHighDateTime=0x1d70a54, nFileSizeHigh=0x0, nFileSizeLow=0x1849c)) returned 1 [0095.156] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0kerh4zo.rtf")) returned 0x20 [0095.156] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf", dwFileAttributes=0x20) returned 1 [0095.157] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0kerh4zo.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2dc [0095.157] GetConsoleMode (in: hConsoleHandle=0x2dc, lpMode=0x1285fe88 | out: lpMode=0x1285fe88) returned 0 [0095.157] GetFileType (hFile=0x2dc) returned 0x1 [0095.157] GetFileType (hFile=0x2dc) returned 0x1 [0095.157] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.157] ReadFile (in: hFile=0x2dc, lpBuffer=0x12900b34, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x1285fd14, lpOverlapped=0x0 | out: lpBuffer=0x12900b34*, lpNumberOfBytesRead=0x1285fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.157] SystemFunction036 (in: RandomBuffer=0x12931fb8, RandomBufferLength=0x10 | out: RandomBuffer=0x12931fb8) returned 1 [0095.157] SystemFunction036 (in: RandomBuffer=0x12931fc8, RandomBufferLength=0x10 | out: RandomBuffer=0x12931fc8) returned 1 [0095.157] VirtualAlloc (lpAddress=0x12c88000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c88000 [0095.157] GetFileType (hFile=0x2dc) returned 0x1 [0095.157] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.158] ReadFile (in: hFile=0x2dc, lpBuffer=0x12c88000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x1285fe80, lpOverlapped=0x0 | out: lpBuffer=0x12c88000*, lpNumberOfBytesRead=0x1285fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.158] VirtualAlloc (lpAddress=0x12c8c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c8c000 [0095.159] GetFileType (hFile=0x2dc) returned 0x1 [0095.159] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.159] WriteFile (in: hFile=0x2dc, lpBuffer=0x12c8c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1285fe78, lpOverlapped=0x0 | out: lpBuffer=0x12c8c000*, lpNumberOfBytesWritten=0x1285fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.159] GetFileType (hFile=0x2dc) returned 0x1 [0095.159] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.159] VirtualAlloc (lpAddress=0x12c90000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c90000 [0095.159] SystemFunction036 (in: RandomBuffer=0x12ad9301, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad9301) returned 1 [0095.160] WriteFile (in: hFile=0x2dc, lpBuffer=0x12900b90*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x1285fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900b90*, lpNumberOfBytesWritten=0x1285fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.160] WriteFile (in: hFile=0x2dc, lpBuffer=0x12ad9400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x1285fd88, lpOverlapped=0x0 | out: lpBuffer=0x12ad9400*, lpNumberOfBytesWritten=0x1285fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.160] CloseHandle (hObject=0x2dc) returned 1 [0095.163] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0kerh4zo.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0kerh4zo.rtf.crypted"), dwFlags=0x1) returned 1 [0095.165] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\0kERH4Zo.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\0kerh4zo.rtf")) returned 0xffffffff [0095.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wzjn2zo_p-yhtke3g4.gif"), fInfoLevelId=0x0, lpFileInformation=0x1285fc44 | out: lpFileInformation=0x1285fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x421d4ab0, ftCreationTime.dwHighDateTime=0x1d6fb36, ftLastAccessTime.dwLowDateTime=0x23d345a0, ftLastAccessTime.dwHighDateTime=0x1d7021b, ftLastWriteTime.dwLowDateTime=0x23d345a0, ftLastWriteTime.dwHighDateTime=0x1d7021b, nFileSizeHigh=0x0, nFileSizeLow=0xc335)) returned 1 [0095.165] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wzjn2zo_p-yhtke3g4.gif")) returned 0x20 [0095.166] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif", dwFileAttributes=0x20) returned 1 [0095.166] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wzjn2zo_p-yhtke3g4.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2dc [0095.166] GetConsoleMode (in: hConsoleHandle=0x2dc, lpMode=0x1285fe88 | out: lpMode=0x1285fe88) returned 0 [0095.169] GetFileType (hFile=0x2dc) returned 0x1 [0095.169] GetFileType (hFile=0x2dc) returned 0x1 [0095.169] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.169] ReadFile (in: hFile=0x2dc, lpBuffer=0x12900b98, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x1285fd14, lpOverlapped=0x0 | out: lpBuffer=0x12900b98*, lpNumberOfBytesRead=0x1285fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.169] SystemFunction036 (in: RandomBuffer=0x12c90118, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90118) returned 1 [0095.169] SystemFunction036 (in: RandomBuffer=0x12c90128, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90128) returned 1 [0095.169] VirtualAlloc (lpAddress=0x12c92000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c92000 [0095.169] GetFileType (hFile=0x2dc) returned 0x1 [0095.169] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.169] ReadFile (in: hFile=0x2dc, lpBuffer=0x12c92000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x1285fe80, lpOverlapped=0x0 | out: lpBuffer=0x12c92000*, lpNumberOfBytesRead=0x1285fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.170] VirtualAlloc (lpAddress=0x12c96000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c96000 [0095.170] GetFileType (hFile=0x2dc) returned 0x1 [0095.171] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.171] WriteFile (in: hFile=0x2dc, lpBuffer=0x12c96000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1285fe78, lpOverlapped=0x0 | out: lpBuffer=0x12c96000*, lpNumberOfBytesWritten=0x1285fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.171] GetFileType (hFile=0x2dc) returned 0x1 [0095.171] SetFilePointerEx (in: hFile=0x2dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1285fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.171] SystemFunction036 (in: RandomBuffer=0x12ad9601, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad9601) returned 1 [0095.171] WriteFile (in: hFile=0x2dc, lpBuffer=0x12900bf4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x1285fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900bf4*, lpNumberOfBytesWritten=0x1285fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.172] WriteFile (in: hFile=0x2dc, lpBuffer=0x12ad9700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x1285fd88, lpOverlapped=0x0 | out: lpBuffer=0x12ad9700*, lpNumberOfBytesWritten=0x1285fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.172] CloseHandle (hObject=0x2dc) returned 1 [0095.188] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0095.238] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wzjn2zo_p-yhtke3g4.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\wzJn2zO_p-yHTkE3g4.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wzjn2zo_p-yhtke3g4.gif.crypted"), dwFlags=0x1) returned 1 [0097.113] SetEvent (hEvent=0x19c) returned 1 [0097.113] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) Thread: id = 24 os_tid = 0x9dc [0094.114] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x33b2ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33b2ff28*=0x208) returned 1 [0094.114] VirtualQuery (in: lpAddress=0x33b2ff38, lpBuffer=0x33b2ff38, dwLength=0x1c | out: lpBuffer=0x33b2ff38*(BaseAddress=0x33b2f000, AllocationBase=0x33a30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.114] SetEvent (hEvent=0x19c) returned 1 [0094.114] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x20c [0094.114] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x210 [0094.114] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0094.136] SetEvent (hEvent=0x1dc) returned 1 [0094.136] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0094.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de-y9cgiev 4gfu.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d0642d0, ftCreationTime.dwHighDateTime=0x1d7082d, ftLastAccessTime.dwLowDateTime=0x387dd230, ftLastAccessTime.dwHighDateTime=0x1d709a6, ftLastWriteTime.dwLowDateTime=0x387dd230, ftLastWriteTime.dwHighDateTime=0x1d709a6, nFileSizeHigh=0x0, nFileSizeLow=0x797e)) returned 1 [0094.162] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de-y9cgiev 4gfu.mp4")) returned 0x20 [0094.162] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4", dwFileAttributes=0x20) returned 1 [0094.162] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de-y9cgiev 4gfu.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0094.162] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0094.162] GetFileType (hFile=0x228) returned 0x1 [0094.162] GetFileType (hFile=0x228) returned 0x1 [0094.163] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.163] ReadFile (in: hFile=0x228, lpBuffer=0x129006fc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x129006fc*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0094.163] SystemFunction036 (in: RandomBuffer=0x12931248, RandomBufferLength=0x10 | out: RandomBuffer=0x12931248) returned 1 [0094.163] SystemFunction036 (in: RandomBuffer=0x12931258, RandomBufferLength=0x10 | out: RandomBuffer=0x12931258) returned 1 [0094.163] VirtualAlloc (lpAddress=0x12aac000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12aac000 [0094.163] GetFileType (hFile=0x228) returned 0x1 [0094.163] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.163] ReadFile (in: hFile=0x228, lpBuffer=0x12aac000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12aac000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0094.166] VirtualAlloc (lpAddress=0x12ab0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ab0000 [0094.166] GetFileType (hFile=0x228) returned 0x1 [0094.166] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.167] WriteFile (in: hFile=0x228, lpBuffer=0x12ab0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12ab0000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0094.167] GetFileType (hFile=0x228) returned 0x1 [0094.167] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.167] SystemFunction036 (in: RandomBuffer=0x12951301, RandomBufferLength=0x40 | out: RandomBuffer=0x12951301) returned 1 [0094.167] VirtualAlloc (lpAddress=0x12ab4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ab4000 [0094.168] WriteFile (in: hFile=0x228, lpBuffer=0x12900758*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900758*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0094.168] WriteFile (in: hFile=0x228, lpBuffer=0x12951400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12951400*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0094.168] CloseHandle (hObject=0x228) returned 1 [0094.186] VirtualAlloc (lpAddress=0x12ab6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ab6000 [0094.186] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de-y9cgiev 4gfu.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de-y9cgiev 4gfu.mp4.crypted"), dwFlags=0x1) returned 1 [0095.083] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.097] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\dE-y9CgieV 4gFU.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\de-y9cgiev 4gfu.mp4")) returned 0xffffffff [0095.123] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.188] SetEvent (hEvent=0x2bc) returned 1 [0095.188] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\1fl3-i81z4oyl.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc314b0, ftCreationTime.dwHighDateTime=0x1d6ef29, ftLastAccessTime.dwLowDateTime=0x2f6b5860, ftLastAccessTime.dwHighDateTime=0x1d70065, ftLastWriteTime.dwLowDateTime=0x2f6b5860, ftLastWriteTime.dwHighDateTime=0x1d70065, nFileSizeHigh=0x0, nFileSizeLow=0x115cc)) returned 1 [0095.212] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\1fl3-i81z4oyl.pptx")) returned 0x20 [0095.213] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx", dwFileAttributes=0x20) returned 1 [0095.213] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\1fl3-i81z4oyl.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0095.213] GetConsoleMode (in: hConsoleHandle=0x300, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0095.213] GetFileType (hFile=0x300) returned 0x1 [0095.213] GetFileType (hFile=0x300) returned 0x1 [0095.213] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.213] ReadFile (in: hFile=0x300, lpBuffer=0x1298e60c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e60c*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.213] SystemFunction036 (in: RandomBuffer=0x129a3888, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3888) returned 1 [0095.213] SystemFunction036 (in: RandomBuffer=0x129a3898, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3898) returned 1 [0095.213] VirtualAlloc (lpAddress=0x12bd2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bd2000 [0095.214] GetFileType (hFile=0x300) returned 0x1 [0095.214] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.214] ReadFile (in: hFile=0x300, lpBuffer=0x12bd2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12bd2000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.214] VirtualAlloc (lpAddress=0x12bd6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bd6000 [0095.215] GetFileType (hFile=0x300) returned 0x1 [0095.215] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.215] WriteFile (in: hFile=0x300, lpBuffer=0x12bd6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12bd6000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.215] GetFileType (hFile=0x300) returned 0x1 [0095.215] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.215] ReadFile (in: hFile=0x300, lpBuffer=0x12bd2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12bd2000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.215] VirtualAlloc (lpAddress=0x12bda000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bda000 [0095.218] GetFileType (hFile=0x300) returned 0x1 [0095.218] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.218] WriteFile (in: hFile=0x300, lpBuffer=0x12bda000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12bda000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.218] GetFileType (hFile=0x300) returned 0x1 [0095.218] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.218] SystemFunction036 (in: RandomBuffer=0x12bac801, RandomBufferLength=0x40 | out: RandomBuffer=0x12bac801) returned 1 [0095.219] VirtualAlloc (lpAddress=0x12bde000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bde000 [0095.219] WriteFile (in: hFile=0x300, lpBuffer=0x1298e668*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e668*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.219] WriteFile (in: hFile=0x300, lpBuffer=0x12bac900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12bac900*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.219] CloseHandle (hObject=0x300) returned 1 [0095.221] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\1fl3-i81z4oyl.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\1fl3-i81z4oyl.pptx.crypted"), dwFlags=0x1) returned 1 [0095.222] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\1fL3-I81Z4OYL.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\1fl3-i81z4oyl.pptx")) returned 0xffffffff [0095.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4oolyd_esq8.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df66410, ftCreationTime.dwHighDateTime=0x1d6f4d1, ftLastAccessTime.dwLowDateTime=0x194396a0, ftLastAccessTime.dwHighDateTime=0x1d6fa17, ftLastWriteTime.dwLowDateTime=0x194396a0, ftLastWriteTime.dwHighDateTime=0x1d6fa17, nFileSizeHigh=0x0, nFileSizeLow=0x20cf)) returned 1 [0095.222] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4oolyd_esq8.pptx")) returned 0x20 [0095.222] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx", dwFileAttributes=0x20) returned 1 [0095.222] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4oolyd_esq8.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0095.223] GetConsoleMode (in: hConsoleHandle=0x300, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0095.223] GetFileType (hFile=0x300) returned 0x1 [0095.223] GetFileType (hFile=0x300) returned 0x1 [0095.223] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.223] ReadFile (in: hFile=0x300, lpBuffer=0x1298e670, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e670*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.223] SystemFunction036 (in: RandomBuffer=0x129a39c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a39c8) returned 1 [0095.223] SystemFunction036 (in: RandomBuffer=0x129a39d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a39d8) returned 1 [0095.223] VirtualAlloc (lpAddress=0x12be0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12be0000 [0095.223] GetFileType (hFile=0x300) returned 0x1 [0095.223] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.223] ReadFile (in: hFile=0x300, lpBuffer=0x12be0000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12be0000*, lpNumberOfBytesRead=0x12a1fe80*=0x20cf, lpOverlapped=0x0) returned 1 [0095.224] GetFileType (hFile=0x300) returned 0x1 [0095.224] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.224] WriteFile (in: hFile=0x300, lpBuffer=0x12ba0500*, nNumberOfBytesToWrite=0x20d0, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12ba0500*, lpNumberOfBytesWritten=0x12a1fe78*=0x20d0, lpOverlapped=0x0) returned 1 [0095.224] GetFileType (hFile=0x300) returned 0x1 [0095.224] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.224] SystemFunction036 (in: RandomBuffer=0x12bacb01, RandomBufferLength=0x40 | out: RandomBuffer=0x12bacb01) returned 1 [0095.225] WriteFile (in: hFile=0x300, lpBuffer=0x1298e6cc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e6cc*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.225] WriteFile (in: hFile=0x300, lpBuffer=0x12bacc00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12bacc00*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.225] CloseHandle (hObject=0x300) returned 1 [0095.226] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4oolyd_esq8.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4oolyd_esq8.pptx.crypted"), dwFlags=0x1) returned 1 [0095.226] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\4OolYd_eSq8.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\4oolyd_esq8.pptx")) returned 0xffffffff [0095.226] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.251] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.259] SetEvent (hEvent=0x200) returned 1 [0095.259] VirtualAlloc (lpAddress=0x12b68000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b68000 [0095.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6kaggkzw-owquh4.docx"), fInfoLevelId=0x0, lpFileInformation=0x12b6dc44 | out: lpFileInformation=0x12b6dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1821ad30, ftCreationTime.dwHighDateTime=0x1d67e97, ftLastAccessTime.dwLowDateTime=0xc9925eb0, ftLastAccessTime.dwHighDateTime=0x1d6ddcf, ftLastWriteTime.dwLowDateTime=0xc9925eb0, ftLastWriteTime.dwHighDateTime=0x1d6ddcf, nFileSizeHigh=0x0, nFileSizeLow=0xd303)) returned 1 [0095.260] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6kaggkzw-owquh4.docx")) returned 0x20 [0095.260] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx", dwFileAttributes=0x20) returned 1 [0095.260] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6kaggkzw-owquh4.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.260] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12b6de88 | out: lpMode=0x12b6de88) returned 0 [0095.260] GetFileType (hFile=0x304) returned 0x1 [0095.260] GetFileType (hFile=0x304) returned 0x1 [0095.260] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.261] ReadFile (in: hFile=0x304, lpBuffer=0x1288b6dc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b6dd14, lpOverlapped=0x0 | out: lpBuffer=0x1288b6dc*, lpNumberOfBytesRead=0x12b6dd14*=0x4, lpOverlapped=0x0) returned 1 [0095.261] SystemFunction036 (in: RandomBuffer=0x128cdbf8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdbf8) returned 1 [0095.261] SystemFunction036 (in: RandomBuffer=0x128cdc08, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdc08) returned 1 [0095.261] VirtualAlloc (lpAddress=0x12b70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b70000 [0095.261] GetFileType (hFile=0x304) returned 0x1 [0095.261] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.261] ReadFile (in: hFile=0x304, lpBuffer=0x12b70000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b6de80, lpOverlapped=0x0 | out: lpBuffer=0x12b70000*, lpNumberOfBytesRead=0x12b6de80*=0x4000, lpOverlapped=0x0) returned 1 [0095.261] VirtualAlloc (lpAddress=0x12b74000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b74000 [0095.262] GetFileType (hFile=0x304) returned 0x1 [0095.262] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.262] WriteFile (in: hFile=0x304, lpBuffer=0x12b74000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b6de78, lpOverlapped=0x0 | out: lpBuffer=0x12b74000*, lpNumberOfBytesWritten=0x12b6de78*=0x4000, lpOverlapped=0x0) returned 1 [0095.262] GetFileType (hFile=0x304) returned 0x1 [0095.262] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.262] ReadFile (in: hFile=0x304, lpBuffer=0x12b70000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b6de80, lpOverlapped=0x0 | out: lpBuffer=0x12b70000*, lpNumberOfBytesRead=0x12b6de80*=0x1303, lpOverlapped=0x0) returned 1 [0095.263] VirtualAlloc (lpAddress=0x12b78000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b78000 [0095.263] GetFileType (hFile=0x304) returned 0x1 [0095.263] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.263] WriteFile (in: hFile=0x304, lpBuffer=0x12b78000*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0x12b6de78, lpOverlapped=0x0 | out: lpBuffer=0x12b78000*, lpNumberOfBytesWritten=0x12b6de78*=0x1310, lpOverlapped=0x0) returned 1 [0095.263] GetFileType (hFile=0x304) returned 0x1 [0095.263] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.267] SystemFunction036 (in: RandomBuffer=0x12b53001, RandomBufferLength=0x40 | out: RandomBuffer=0x12b53001) returned 1 [0095.267] WriteFile (in: hFile=0x304, lpBuffer=0x1288b738*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b6dd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b738*, lpNumberOfBytesWritten=0x12b6dd88*=0x4, lpOverlapped=0x0) returned 1 [0095.267] WriteFile (in: hFile=0x304, lpBuffer=0x12b53100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b6dd88, lpOverlapped=0x0 | out: lpBuffer=0x12b53100*, lpNumberOfBytesWritten=0x12b6dd88*=0x100, lpOverlapped=0x0) returned 1 [0095.267] CloseHandle (hObject=0x304) returned 1 [0095.269] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6kaggkzw-owquh4.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6kaggkzw-owquh4.docx.crypted"), dwFlags=0x1) returned 1 [0095.270] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6KaGGKzw-OwQUh4.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6kaggkzw-owquh4.docx")) returned 0xffffffff [0095.270] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-jz ca6gveb8.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5a7ab30, ftCreationTime.dwHighDateTime=0x1d707f9, ftLastAccessTime.dwLowDateTime=0x7bc47810, ftLastAccessTime.dwHighDateTime=0x1d70a4a, ftLastWriteTime.dwLowDateTime=0x7bc47810, ftLastWriteTime.dwHighDateTime=0x1d70a4a, nFileSizeHigh=0x0, nFileSizeLow=0x13048)) returned 1 [0095.327] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-jz ca6gveb8.xlsx")) returned 0x20 [0095.327] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx", dwFileAttributes=0x20) returned 1 [0095.327] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-jz ca6gveb8.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.327] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0095.327] GetFileType (hFile=0x304) returned 0x1 [0095.327] GetFileType (hFile=0x304) returned 0x1 [0095.327] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.327] ReadFile (in: hFile=0x304, lpBuffer=0x1298e76c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e76c*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.327] SystemFunction036 (in: RandomBuffer=0x12be4168, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4168) returned 1 [0095.327] SystemFunction036 (in: RandomBuffer=0x12be4178, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4178) returned 1 [0095.327] VirtualAlloc (lpAddress=0x12be6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12be6000 [0095.328] GetFileType (hFile=0x304) returned 0x1 [0095.328] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.328] ReadFile (in: hFile=0x304, lpBuffer=0x12be6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12be6000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.328] VirtualAlloc (lpAddress=0x12bea000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bea000 [0095.329] GetFileType (hFile=0x304) returned 0x1 [0095.329] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.329] WriteFile (in: hFile=0x304, lpBuffer=0x12bea000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12bea000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.329] GetFileType (hFile=0x304) returned 0x1 [0095.329] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.329] SystemFunction036 (in: RandomBuffer=0x12bacf01, RandomBufferLength=0x40 | out: RandomBuffer=0x12bacf01) returned 1 [0095.330] WriteFile (in: hFile=0x304, lpBuffer=0x1298e7c8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e7c8*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.330] WriteFile (in: hFile=0x304, lpBuffer=0x12bad000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12bad000*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.330] CloseHandle (hObject=0x304) returned 1 [0095.332] VirtualAlloc (lpAddress=0x12bee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bee000 [0095.333] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-jz ca6gveb8.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-jz ca6gveb8.xlsx.crypted"), dwFlags=0x1) returned 1 [0095.333] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-JZ ca6GvEB8.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-jz ca6gveb8.xlsx")) returned 0xffffffff [0095.333] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.375] SetEvent (hEvent=0x200) returned 1 [0095.375] VirtualAlloc (lpAddress=0x12bf0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bf0000 [0095.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\03gbzmlsttv_yjd9hjv.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12a1fc44 | out: lpFileInformation=0x12a1fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x314560c0, ftCreationTime.dwHighDateTime=0x1d70611, ftLastAccessTime.dwLowDateTime=0xc956320, ftLastAccessTime.dwHighDateTime=0x1d707b9, ftLastWriteTime.dwLowDateTime=0xc956320, ftLastWriteTime.dwHighDateTime=0x1d707b9, nFileSizeHigh=0x0, nFileSizeLow=0xe146)) returned 1 [0095.376] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\03gbzmlsttv_yjd9hjv.rtf")) returned 0x20 [0095.376] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf", dwFileAttributes=0x20) returned 1 [0095.376] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\03gbzmlsttv_yjd9hjv.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.377] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12a1fe88 | out: lpMode=0x12a1fe88) returned 0 [0095.377] GetFileType (hFile=0x304) returned 0x1 [0095.377] GetFileType (hFile=0x304) returned 0x1 [0095.377] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.377] ReadFile (in: hFile=0x304, lpBuffer=0x1298e7d0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a1fd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e7d0*, lpNumberOfBytesRead=0x12a1fd14*=0x4, lpOverlapped=0x0) returned 1 [0095.377] SystemFunction036 (in: RandomBuffer=0x12be4348, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4348) returned 1 [0095.377] SystemFunction036 (in: RandomBuffer=0x12be4358, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4358) returned 1 [0095.377] VirtualAlloc (lpAddress=0x12bf2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bf2000 [0095.377] GetFileType (hFile=0x304) returned 0x1 [0095.377] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.377] ReadFile (in: hFile=0x304, lpBuffer=0x12bf2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a1fe80, lpOverlapped=0x0 | out: lpBuffer=0x12bf2000*, lpNumberOfBytesRead=0x12a1fe80*=0x4000, lpOverlapped=0x0) returned 1 [0095.378] VirtualAlloc (lpAddress=0x12bf6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bf6000 [0095.378] GetFileType (hFile=0x304) returned 0x1 [0095.378] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.378] WriteFile (in: hFile=0x304, lpBuffer=0x12bf6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a1fe78, lpOverlapped=0x0 | out: lpBuffer=0x12bf6000*, lpNumberOfBytesWritten=0x12a1fe78*=0x4000, lpOverlapped=0x0) returned 1 [0095.378] GetFileType (hFile=0x304) returned 0x1 [0095.378] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a1fe9c | out: lpNewFilePointer=0x0) returned 1 [0095.379] SystemFunction036 (in: RandomBuffer=0x12bad201, RandomBufferLength=0x40 | out: RandomBuffer=0x12bad201) returned 1 [0095.379] VirtualAlloc (lpAddress=0x12bfa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bfa000 [0095.379] VirtualAlloc (lpAddress=0x12bfc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bfc000 [0095.379] SetEvent (hEvent=0x2b4) returned 1 [0095.379] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.407] SetEvent (hEvent=0x200) returned 1 [0095.407] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.426] SetEvent (hEvent=0x218) returned 1 [0095.426] SetEvent (hEvent=0x200) returned 1 [0095.426] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.441] SetEvent (hEvent=0x2b4) returned 1 [0095.441] SetEvent (hEvent=0x200) returned 1 [0095.441] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.443] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x33b2fb20, ulCount=0x10, ulNumEntriesRemoved=0x33b2fb08, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x33b2fb20, ulNumEntriesRemoved=0x33b2fb08) returned 0 [0095.444] SetEvent (hEvent=0x218) returned 1 [0095.444] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x990000 [0095.444] VirtualAlloc (lpAddress=0x12c4e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c4e000 [0095.444] VirtualAlloc (lpAddress=0x12c50000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c50000 [0095.445] WriteFile (in: hFile=0x304, lpBuffer=0x128108e0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x128108e0*, lpNumberOfBytesWritten=0x12a1fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.446] WriteFile (in: hFile=0x304, lpBuffer=0x12a7f400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a1fd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7f400*, lpNumberOfBytesWritten=0x12a1fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.446] CloseHandle (hObject=0x304) returned 1 [0095.451] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\03gbzmlsttv_yjd9hjv.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\03gbzmlsttv_yjd9hjv.rtf.crypted"), dwFlags=0x1) returned 1 [0095.451] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\03GbZMlsTTv_yjD9Hjv.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\03gbzmlsttv_yjd9hjv.rtf")) returned 0xffffffff [0095.451] VirtualAlloc (lpAddress=0x12c58000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c58000 [0095.452] WaitForMultipleObjects (nCount=0x2, lpHandles=0x33b2fed8*=0x20c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.455] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.455] WaitForMultipleObjects (nCount=0x2, lpHandles=0x33b2fed8*=0x20c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.509] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x33b2feec*=0x20c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.515] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.515] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x33b2fb28, ulCount=0x10, ulNumEntriesRemoved=0x33b2fb10, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x33b2fb28, ulNumEntriesRemoved=0x33b2fb10) returned 0 [0095.517] SetEvent (hEvent=0x13c) returned 1 [0095.517] SetEvent (hEvent=0x200) returned 1 [0095.518] SetEvent (hEvent=0x2b4) returned 1 [0095.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x33b2fee4*=0x20c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.580] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.580] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.598] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\zzgxn8txya.docx"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ecb8eb0, ftCreationTime.dwHighDateTime=0x1d70262, ftLastAccessTime.dwLowDateTime=0x3858da80, ftLastAccessTime.dwHighDateTime=0x1d704c3, ftLastWriteTime.dwLowDateTime=0x3858da80, ftLastWriteTime.dwHighDateTime=0x1d704c3, nFileSizeHigh=0x0, nFileSizeLow=0x10a7a)) returned 1 [0095.631] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\zzgxn8txya.docx")) returned 0x20 [0095.631] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx", dwFileAttributes=0x20) returned 1 [0095.631] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\zzgxn8txya.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.632] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.632] GetFileType (hFile=0x310) returned 0x1 [0095.632] GetFileType (hFile=0x310) returned 0x1 [0095.632] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.632] ReadFile (in: hFile=0x310, lpBuffer=0x1298e18c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e18c*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.632] SystemFunction036 (in: RandomBuffer=0x12be46b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be46b8) returned 1 [0095.632] SystemFunction036 (in: RandomBuffer=0x12be46c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be46c8) returned 1 [0095.632] VirtualAlloc (lpAddress=0x12cc6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cc6000 [0095.633] GetFileType (hFile=0x310) returned 0x1 [0095.633] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.633] ReadFile (in: hFile=0x310, lpBuffer=0x12cc6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12cc6000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.633] VirtualAlloc (lpAddress=0x12cca000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cca000 [0095.633] GetFileType (hFile=0x310) returned 0x1 [0095.633] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.633] WriteFile (in: hFile=0x310, lpBuffer=0x12cca000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12cca000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.634] GetFileType (hFile=0x310) returned 0x1 [0095.634] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.634] SystemFunction036 (in: RandomBuffer=0x12b52c01, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52c01) returned 1 [0095.634] VirtualAlloc (lpAddress=0x12cce000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cce000 [0095.635] WriteFile (in: hFile=0x310, lpBuffer=0x1298e1e8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e1e8*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.635] WriteFile (in: hFile=0x310, lpBuffer=0x12b52d00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12b52d00*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.635] CloseHandle (hObject=0x310) returned 1 [0095.638] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\zzgxn8txya.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\zzgxn8txya.docx.crypted"), dwFlags=0x1) returned 1 [0095.639] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\zzgxn8txya.docx")) returned 0xffffffff [0095.639] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.682] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.731] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.749] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.761] SetEvent (hEvent=0x2b4) returned 1 [0095.761] VirtualAlloc (lpAddress=0x12c7c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c7c000 [0095.762] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\cmqun.odp"), fInfoLevelId=0x0, lpFileInformation=0x12d85c44 | out: lpFileInformation=0x12d85c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53adc4e0, ftCreationTime.dwHighDateTime=0x1d706c5, ftLastAccessTime.dwLowDateTime=0x2aea26a0, ftLastAccessTime.dwHighDateTime=0x1d70924, ftLastWriteTime.dwLowDateTime=0x2aea26a0, ftLastWriteTime.dwHighDateTime=0x1d70924, nFileSizeHigh=0x0, nFileSizeLow=0x2607)) returned 1 [0095.762] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\cmqun.odp")) returned 0x20 [0095.762] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp", dwFileAttributes=0x20) returned 1 [0095.762] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\cmqun.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.763] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12d85e88 | out: lpMode=0x12d85e88) returned 0 [0095.763] GetFileType (hFile=0x310) returned 0x1 [0095.763] GetFileType (hFile=0x310) returned 0x1 [0095.763] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.763] ReadFile (in: hFile=0x310, lpBuffer=0x12900068, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d85d14, lpOverlapped=0x0 | out: lpBuffer=0x12900068*, lpNumberOfBytesRead=0x12d85d14*=0x4, lpOverlapped=0x0) returned 1 [0095.763] SystemFunction036 (in: RandomBuffer=0x12c903e8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c903e8) returned 1 [0095.763] SystemFunction036 (in: RandomBuffer=0x12c903f8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c903f8) returned 1 [0095.763] GetFileType (hFile=0x310) returned 0x1 [0095.763] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.763] ReadFile (in: hFile=0x310, lpBuffer=0x12852000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d85e80, lpOverlapped=0x0 | out: lpBuffer=0x12852000*, lpNumberOfBytesRead=0x12d85e80*=0x2607, lpOverlapped=0x0) returned 1 [0095.763] GetFileType (hFile=0x310) returned 0x1 [0095.763] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.763] WriteFile (in: hFile=0x310, lpBuffer=0x128f6000*, nNumberOfBytesToWrite=0x2610, lpNumberOfBytesWritten=0x12d85e78, lpOverlapped=0x0 | out: lpBuffer=0x128f6000*, lpNumberOfBytesWritten=0x12d85e78*=0x2610, lpOverlapped=0x0) returned 1 [0095.764] GetFileType (hFile=0x310) returned 0x1 [0095.764] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.764] SystemFunction036 (in: RandomBuffer=0x12c72301, RandomBufferLength=0x40 | out: RandomBuffer=0x12c72301) returned 1 [0095.764] WriteFile (in: hFile=0x310, lpBuffer=0x129000c4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x129000c4*, lpNumberOfBytesWritten=0x12d85d88*=0x4, lpOverlapped=0x0) returned 1 [0095.764] WriteFile (in: hFile=0x310, lpBuffer=0x12c72400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x12c72400*, lpNumberOfBytesWritten=0x12d85d88*=0x100, lpOverlapped=0x0) returned 1 [0095.764] CloseHandle (hObject=0x310) returned 1 [0095.769] VirtualAlloc (lpAddress=0x12c7e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c7e000 [0095.773] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\cmqun.odp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\cmqun.odp.crypted"), dwFlags=0x1) returned 1 [0095.774] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\cmqun.odp")) returned 0xffffffff [0095.774] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.814] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0095.863] SetEvent (hEvent=0x2ec) returned 1 [0095.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\q8etg6wnzg.odt"), fInfoLevelId=0x0, lpFileInformation=0x12d85c44 | out: lpFileInformation=0x12d85c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa2c6a80, ftCreationTime.dwHighDateTime=0x1d706af, ftLastAccessTime.dwLowDateTime=0xed5ced70, ftLastAccessTime.dwHighDateTime=0x1d7085d, ftLastWriteTime.dwLowDateTime=0xed5ced70, ftLastWriteTime.dwHighDateTime=0x1d7085d, nFileSizeHigh=0x0, nFileSizeLow=0xc248)) returned 1 [0095.863] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\q8etg6wnzg.odt")) returned 0x20 [0095.863] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt", dwFileAttributes=0x20) returned 1 [0095.863] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\q8etg6wnzg.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0095.863] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0x12d85e88 | out: lpMode=0x12d85e88) returned 0 [0095.863] GetFileType (hFile=0x28c) returned 0x1 [0095.863] GetFileType (hFile=0x28c) returned 0x1 [0095.863] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.863] ReadFile (in: hFile=0x28c, lpBuffer=0x129000cc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d85d14, lpOverlapped=0x0 | out: lpBuffer=0x129000cc*, lpNumberOfBytesRead=0x12d85d14*=0x4, lpOverlapped=0x0) returned 1 [0095.864] SystemFunction036 (in: RandomBuffer=0x12c90578, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90578) returned 1 [0095.864] SystemFunction036 (in: RandomBuffer=0x12c90588, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90588) returned 1 [0095.864] GetFileType (hFile=0x28c) returned 0x1 [0095.864] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.864] ReadFile (in: hFile=0x28c, lpBuffer=0x12856000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d85e80, lpOverlapped=0x0 | out: lpBuffer=0x12856000*, lpNumberOfBytesRead=0x12d85e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.864] GetFileType (hFile=0x28c) returned 0x1 [0095.864] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.864] WriteFile (in: hFile=0x28c, lpBuffer=0x1286e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d85e78, lpOverlapped=0x0 | out: lpBuffer=0x1286e000*, lpNumberOfBytesWritten=0x12d85e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.864] GetFileType (hFile=0x28c) returned 0x1 [0095.864] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0095.864] SystemFunction036 (in: RandomBuffer=0x12c72601, RandomBufferLength=0x40 | out: RandomBuffer=0x12c72601) returned 1 [0095.865] WriteFile (in: hFile=0x28c, lpBuffer=0x12900128*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x12900128*, lpNumberOfBytesWritten=0x12d85d88*=0x4, lpOverlapped=0x0) returned 1 [0095.865] WriteFile (in: hFile=0x28c, lpBuffer=0x12c72700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x12c72700*, lpNumberOfBytesWritten=0x12d85d88*=0x100, lpOverlapped=0x0) returned 1 [0095.865] CloseHandle (hObject=0x28c) returned 1 [0095.869] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\q8etg6wnzg.odt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\q8etg6wnzg.odt.crypted"), dwFlags=0x1) returned 1 [0095.870] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\q8etg6wnzg.odt")) returned 0xffffffff [0095.870] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) Thread: id = 25 os_tid = 0xc10 [0094.139] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x33c6ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33c6ff28*=0x214) returned 1 [0094.139] VirtualQuery (in: lpAddress=0x33c6ff38, lpBuffer=0x33c6ff38, dwLength=0x1c | out: lpBuffer=0x33c6ff38*(BaseAddress=0x33c6f000, AllocationBase=0x33b70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.139] SetEvent (hEvent=0xfc) returned 1 [0094.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x218 [0094.139] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x21c [0094.139] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0094.147] SetEvent (hEvent=0x1ec) returned 1 [0094.147] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0094.152] SetEvent (hEvent=0x20c) returned 1 [0094.152] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1289ed80*, nNumberOfCharsToWrite=0xa, lpNumberOfCharsWritten=0x12859a78, lpReserved=0x0 | out: lpBuffer=0x1289ed80*, lpNumberOfCharsWritten=0x12859a78*=0xa) returned 1 [0094.170] VirtualAlloc (lpAddress=0x12b0e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b0e000 [0094.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\irbhwmk5c3jr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12b13c44 | out: lpFileInformation=0x12b13c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6600d2b0, ftCreationTime.dwHighDateTime=0x1d70425, ftLastAccessTime.dwLowDateTime=0xb9eb8b60, ftLastAccessTime.dwHighDateTime=0x1d7069e, ftLastWriteTime.dwLowDateTime=0xb9eb8b60, ftLastWriteTime.dwHighDateTime=0x1d7069e, nFileSizeHigh=0x0, nFileSizeLow=0x4a74)) returned 1 [0094.170] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\irbhwmk5c3jr.bmp")) returned 0x20 [0094.170] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp", dwFileAttributes=0x20) returned 1 [0094.171] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\irbhwmk5c3jr.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0094.171] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12b13e88 | out: lpMode=0x12b13e88) returned 0 [0094.171] GetFileType (hFile=0x228) returned 0x1 [0094.171] VirtualAlloc (lpAddress=0x12b16000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b16000 [0094.171] GetFileType (hFile=0x228) returned 0x1 [0094.171] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b13e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.171] ReadFile (in: hFile=0x228, lpBuffer=0x1288b360, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b13d14, lpOverlapped=0x0 | out: lpBuffer=0x1288b360*, lpNumberOfBytesRead=0x12b13d14*=0x4, lpOverlapped=0x0) returned 1 [0094.171] SystemFunction036 (in: RandomBuffer=0x128ccd98, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccd98) returned 1 [0094.171] SystemFunction036 (in: RandomBuffer=0x128ccda8, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccda8) returned 1 [0094.171] VirtualAlloc (lpAddress=0x12b18000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b18000 [0094.172] GetFileType (hFile=0x228) returned 0x1 [0094.172] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b13e9c | out: lpNewFilePointer=0x0) returned 1 [0094.172] ReadFile (in: hFile=0x228, lpBuffer=0x12b18000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b13e80, lpOverlapped=0x0 | out: lpBuffer=0x12b18000*, lpNumberOfBytesRead=0x12b13e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.172] VirtualAlloc (lpAddress=0x12b1c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b1c000 [0094.172] GetFileType (hFile=0x228) returned 0x1 [0094.172] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b13e9c | out: lpNewFilePointer=0x0) returned 1 [0094.172] WriteFile (in: hFile=0x228, lpBuffer=0x12b1c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b13e78, lpOverlapped=0x0 | out: lpBuffer=0x12b1c000*, lpNumberOfBytesWritten=0x12b13e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.173] GetFileType (hFile=0x228) returned 0x1 [0094.173] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b13e9c | out: lpNewFilePointer=0x0) returned 1 [0094.173] SystemFunction036 (in: RandomBuffer=0x128def01, RandomBufferLength=0x40 | out: RandomBuffer=0x128def01) returned 1 [0094.173] WriteFile (in: hFile=0x228, lpBuffer=0x1288b3bc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b13d88, lpOverlapped=0x0 | out: lpBuffer=0x1288b3bc*, lpNumberOfBytesWritten=0x12b13d88*=0x4, lpOverlapped=0x0) returned 1 [0094.173] WriteFile (in: hFile=0x228, lpBuffer=0x128df000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b13d88, lpOverlapped=0x0 | out: lpBuffer=0x128df000*, lpNumberOfBytesWritten=0x12b13d88*=0x100, lpOverlapped=0x0) returned 1 [0094.173] CloseHandle (hObject=0x228) returned 1 [0094.187] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\irbhwmk5c3jr.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\irbhwmk5c3jr.bmp.crypted"), dwFlags=0x1) returned 1 [0095.108] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.123] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\irbhWMK5C3JR.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\irbhwmk5c3jr.bmp")) returned 0xffffffff [0095.156] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.190] SetEvent (hEvent=0x2cc) returned 1 [0095.190] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.212] SetEvent (hEvent=0x200) returned 1 [0095.212] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.337] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.348] SetEvent (hEvent=0x20c) returned 1 [0095.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-hl1jdjmmvrk1zfl0_5b.docx"), fInfoLevelId=0x0, lpFileInformation=0x12b6dc44 | out: lpFileInformation=0x12b6dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee973cb0, ftCreationTime.dwHighDateTime=0x1d6fd9d, ftLastAccessTime.dwLowDateTime=0xbf21a8e0, ftLastAccessTime.dwHighDateTime=0x1d7056c, ftLastWriteTime.dwLowDateTime=0xbf21a8e0, ftLastWriteTime.dwHighDateTime=0x1d7056c, nFileSizeHigh=0x0, nFileSizeLow=0x2fe4)) returned 1 [0095.348] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-hl1jdjmmvrk1zfl0_5b.docx")) returned 0x20 [0095.348] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx", dwFileAttributes=0x20) returned 1 [0095.348] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-hl1jdjmmvrk1zfl0_5b.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0095.348] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12b6de88 | out: lpMode=0x12b6de88) returned 0 [0095.348] GetFileType (hFile=0x304) returned 0x1 [0095.348] GetFileType (hFile=0x304) returned 0x1 [0095.348] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.349] ReadFile (in: hFile=0x304, lpBuffer=0x1288b740, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b6dd14, lpOverlapped=0x0 | out: lpBuffer=0x1288b740*, lpNumberOfBytesRead=0x12b6dd14*=0x4, lpOverlapped=0x0) returned 1 [0095.349] SystemFunction036 (in: RandomBuffer=0x128cdd38, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdd38) returned 1 [0095.349] SystemFunction036 (in: RandomBuffer=0x128cdd48, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdd48) returned 1 [0095.349] VirtualAlloc (lpAddress=0x12b7c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b7c000 [0095.349] GetFileType (hFile=0x304) returned 0x1 [0095.349] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.349] ReadFile (in: hFile=0x304, lpBuffer=0x12b7c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b6de80, lpOverlapped=0x0 | out: lpBuffer=0x12b7c000*, lpNumberOfBytesRead=0x12b6de80*=0x2fe4, lpOverlapped=0x0) returned 1 [0095.349] VirtualAlloc (lpAddress=0x12d00000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d00000 [0095.350] GetFileType (hFile=0x304) returned 0x1 [0095.350] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.350] WriteFile (in: hFile=0x304, lpBuffer=0x12d00000*, nNumberOfBytesToWrite=0x2ff0, lpNumberOfBytesWritten=0x12b6de78, lpOverlapped=0x0 | out: lpBuffer=0x12d00000*, lpNumberOfBytesWritten=0x12b6de78*=0x2ff0, lpOverlapped=0x0) returned 1 [0095.353] GetFileType (hFile=0x304) returned 0x1 [0095.353] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b6de9c | out: lpNewFilePointer=0x0) returned 1 [0095.353] SystemFunction036 (in: RandomBuffer=0x12b53401, RandomBufferLength=0x40 | out: RandomBuffer=0x12b53401) returned 1 [0095.353] VirtualAlloc (lpAddress=0x12d06000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d06000 [0095.353] VirtualAlloc (lpAddress=0x12d08000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d08000 [0095.354] WriteFile (in: hFile=0x304, lpBuffer=0x1288b79c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b6dd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b79c*, lpNumberOfBytesWritten=0x12b6dd88*=0x4, lpOverlapped=0x0) returned 1 [0095.354] WriteFile (in: hFile=0x304, lpBuffer=0x12b53500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b6dd88, lpOverlapped=0x0 | out: lpBuffer=0x12b53500*, lpNumberOfBytesWritten=0x12b6dd88*=0x100, lpOverlapped=0x0) returned 1 [0095.354] CloseHandle (hObject=0x304) returned 1 [0095.356] VirtualAlloc (lpAddress=0x12d0c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d0c000 [0095.356] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-hl1jdjmmvrk1zfl0_5b.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-hl1jdjmmvrk1zfl0_5b.docx.crypted"), dwFlags=0x1) returned 1 [0095.357] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\-hL1jdjMmVRK1ZFL0_5B.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\-hl1jdjmmvrk1zfl0_5b.docx")) returned 0xffffffff [0095.357] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.391] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\czw_xpqo6uc53l50.csv"), fInfoLevelId=0x0, lpFileInformation=0x12a6dc44 | out: lpFileInformation=0x12a6dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb0ce5b0, ftCreationTime.dwHighDateTime=0x1d703d2, ftLastAccessTime.dwLowDateTime=0xa2c74e0, ftLastAccessTime.dwHighDateTime=0x1d70776, ftLastWriteTime.dwLowDateTime=0xa2c74e0, ftLastWriteTime.dwHighDateTime=0x1d70776, nFileSizeHigh=0x0, nFileSizeLow=0x42d2)) returned 1 [0095.391] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\czw_xpqo6uc53l50.csv")) returned 0x20 [0095.391] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv", dwFileAttributes=0x20) returned 1 [0095.391] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\czw_xpqo6uc53l50.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0095.391] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12a6de88 | out: lpMode=0x12a6de88) returned 0 [0095.391] GetFileType (hFile=0x308) returned 0x1 [0095.391] GetFileType (hFile=0x308) returned 0x1 [0095.392] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.392] ReadFile (in: hFile=0x308, lpBuffer=0x128108dc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6dd14, lpOverlapped=0x0 | out: lpBuffer=0x128108dc*, lpNumberOfBytesRead=0x12a6dd14*=0x4, lpOverlapped=0x0) returned 1 [0095.392] SystemFunction036 (in: RandomBuffer=0x12817b58, RandomBufferLength=0x10 | out: RandomBuffer=0x12817b58) returned 1 [0095.392] SystemFunction036 (in: RandomBuffer=0x12817b68, RandomBufferLength=0x10 | out: RandomBuffer=0x12817b68) returned 1 [0095.392] VirtualAlloc (lpAddress=0x12c4a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c4a000 [0095.392] SetEvent (hEvent=0x20c) returned 1 [0095.392] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.426] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.440] SetEvent (hEvent=0x2b4) returned 1 [0095.440] SetEvent (hEvent=0x20c) returned 1 [0095.440] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.443] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.454] SetEvent (hEvent=0x20c) returned 1 [0095.454] SetEvent (hEvent=0x200) returned 1 [0095.454] SwitchToThread () returned 1 [0095.456] SetEvent (hEvent=0x20c) returned 1 [0095.456] GetFileType (hFile=0x308) returned 0x1 [0095.456] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12942e9c | out: lpNewFilePointer=0x0) returned 1 [0095.456] ReadFile (in: hFile=0x308, lpBuffer=0x12c4a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12942e80, lpOverlapped=0x0 | out: lpBuffer=0x12c4a000*, lpNumberOfBytesRead=0x12942e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.456] VirtualAlloc (lpAddress=0x12d12000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d12000 [0095.457] GetFileType (hFile=0x308) returned 0x1 [0095.457] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12942e9c | out: lpNewFilePointer=0x0) returned 1 [0095.457] WriteFile (in: hFile=0x308, lpBuffer=0x12d12000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12942e78, lpOverlapped=0x0 | out: lpBuffer=0x12d12000*, lpNumberOfBytesWritten=0x12942e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.457] GetFileType (hFile=0x308) returned 0x1 [0095.457] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12942e9c | out: lpNewFilePointer=0x0) returned 1 [0095.457] VirtualAlloc (lpAddress=0x12d16000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d16000 [0095.458] SystemFunction036 (in: RandomBuffer=0x12b53701, RandomBufferLength=0x40 | out: RandomBuffer=0x12b53701) returned 1 [0095.458] WriteFile (in: hFile=0x308, lpBuffer=0x1288b800*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b6fd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b800*, lpNumberOfBytesWritten=0x12b6fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.458] WriteFile (in: hFile=0x308, lpBuffer=0x12b53800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12b53800*, lpNumberOfBytesWritten=0x12b6fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.458] CloseHandle (hObject=0x308) returned 1 [0095.460] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\czw_xpqo6uc53l50.csv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\czw_xpqo6uc53l50.csv.crypted"), dwFlags=0x1) returned 1 [0095.460] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\CzW_XpqO6uC53L50.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\czw_xpqo6uc53l50.csv")) returned 0xffffffff [0095.460] GetFileType (hFile=0x30c) returned 0x1 [0095.460] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1282ae9c | out: lpNewFilePointer=0x0) returned 1 [0095.460] ReadFile (in: hFile=0x30c, lpBuffer=0x12d80000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x1282ae80, lpOverlapped=0x0 | out: lpBuffer=0x12d80000*, lpNumberOfBytesRead=0x1282ae80*=0x4000, lpOverlapped=0x0) returned 1 [0095.461] VirtualAlloc (lpAddress=0x12d18000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d18000 [0095.461] GetFileType (hFile=0x30c) returned 0x1 [0095.461] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1282ae9c | out: lpNewFilePointer=0x0) returned 1 [0095.461] WriteFile (in: hFile=0x30c, lpBuffer=0x12d18000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x1282ae78, lpOverlapped=0x0 | out: lpBuffer=0x12d18000*, lpNumberOfBytesWritten=0x1282ae78*=0x4000, lpOverlapped=0x0) returned 1 [0095.461] GetFileType (hFile=0x30c) returned 0x1 [0095.461] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1282ae9c | out: lpNewFilePointer=0x0) returned 1 [0095.462] SystemFunction036 (in: RandomBuffer=0x12b53a01, RandomBufferLength=0x40 | out: RandomBuffer=0x12b53a01) returned 1 [0095.465] WriteFile (in: hFile=0x30c, lpBuffer=0x1288b85c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b6fd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b85c*, lpNumberOfBytesWritten=0x12b6fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.465] WriteFile (in: hFile=0x30c, lpBuffer=0x12b53b00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12b53b00*, lpNumberOfBytesWritten=0x12b6fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.465] CloseHandle (hObject=0x30c) returned 1 [0095.467] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\njyrymxv9.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\njyrymxv9.xls.crypted"), dwFlags=0x1) returned 1 [0095.467] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\njyrymxv9.xls")) returned 0xffffffff [0095.467] GetFileType (hFile=0x310) returned 0x1 [0095.467] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12827e9c | out: lpNewFilePointer=0x0) returned 1 [0095.467] ReadFile (in: hFile=0x310, lpBuffer=0x12d0e000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12827e80, lpOverlapped=0x0 | out: lpBuffer=0x12d0e000*, lpNumberOfBytesRead=0x12827e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.468] VirtualAlloc (lpAddress=0x12d1c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d1c000 [0095.468] GetFileType (hFile=0x310) returned 0x1 [0095.468] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12827e9c | out: lpNewFilePointer=0x0) returned 1 [0095.468] WriteFile (in: hFile=0x310, lpBuffer=0x12d1c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12827e78, lpOverlapped=0x0 | out: lpBuffer=0x12d1c000*, lpNumberOfBytesWritten=0x12827e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.469] GetFileType (hFile=0x310) returned 0x1 [0095.469] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12827e9c | out: lpNewFilePointer=0x0) returned 1 [0095.469] VirtualAlloc (lpAddress=0x12d20000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d20000 [0095.469] SystemFunction036 (in: RandomBuffer=0x12b53d01, RandomBufferLength=0x40 | out: RandomBuffer=0x12b53d01) returned 1 [0095.470] VirtualAlloc (lpAddress=0x12d22000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d22000 [0095.470] WriteFile (in: hFile=0x310, lpBuffer=0x1288b8b8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b6fd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b8b8*, lpNumberOfBytesWritten=0x12b6fd88*=0x4, lpOverlapped=0x0) returned 1 [0095.470] WriteFile (in: hFile=0x310, lpBuffer=0x12b53e00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12b53e00*, lpNumberOfBytesWritten=0x12b6fd88*=0x100, lpOverlapped=0x0) returned 1 [0095.470] CloseHandle (hObject=0x310) returned 1 [0095.472] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\nvhgqy.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\nvhgqy.xls.crypted"), dwFlags=0x1) returned 1 [0095.473] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NvhgQY.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\nvhgqy.xls")) returned 0xffffffff [0095.473] VirtualAlloc (lpAddress=0x12d24000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d24000 [0095.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\yyikjg13sntmwkdth3.csv"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae9b1a80, ftCreationTime.dwHighDateTime=0x1d6fbd3, ftLastAccessTime.dwLowDateTime=0xa1d8d230, ftLastAccessTime.dwHighDateTime=0x1d705e5, ftLastWriteTime.dwLowDateTime=0xa1d8d230, ftLastWriteTime.dwHighDateTime=0x1d705e5, nFileSizeHigh=0x0, nFileSizeLow=0xab2f)) returned 1 [0095.474] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2fc0*, nNumberOfCharsToWrite=0x59, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d2fc0*, lpNumberOfCharsWritten=0x12831778*=0x59) returned 1 [0095.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe97b97b0, ftCreationTime.dwHighDateTime=0x1d6fcf0, ftLastAccessTime.dwLowDateTime=0xd38fff30, ftLastAccessTime.dwHighDateTime=0x1d70485, ftLastWriteTime.dwLowDateTime=0xd38fff30, ftLastWriteTime.dwHighDateTime=0x1d70485, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0095.486] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0095.486] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\*", lpFindFileData=0x12831930 | out: lpFindFileData=0x12831930*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe97b97b0, ftCreationTime.dwHighDateTime=0x1d6fcf0, ftLastAccessTime.dwLowDateTime=0xd38fff30, ftLastAccessTime.dwHighDateTime=0x1d70485, ftLastWriteTime.dwLowDateTime=0xd38fff30, ftLastWriteTime.dwHighDateTime=0x1d70485, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0095.486] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe97b97b0, ftCreationTime.dwHighDateTime=0x1d6fcf0, ftLastAccessTime.dwLowDateTime=0xd38fff30, ftLastAccessTime.dwHighDateTime=0x1d70485, ftLastWriteTime.dwLowDateTime=0xd38fff30, ftLastWriteTime.dwHighDateTime=0x1d70485, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.486] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1ba4da0, ftCreationTime.dwHighDateTime=0x1d706f7, ftLastAccessTime.dwLowDateTime=0xa7525ef0, ftLastAccessTime.dwHighDateTime=0x1d70961, ftLastWriteTime.dwLowDateTime=0xa7525ef0, ftLastWriteTime.dwHighDateTime=0x1d70961, nFileSizeHigh=0x0, nFileSizeLow=0x8f9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="aiei3.doc", cAlternateFileName="")) returned 1 [0095.486] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8765add0, ftCreationTime.dwHighDateTime=0x1d7082c, ftLastAccessTime.dwLowDateTime=0x55ee1a30, ftLastAccessTime.dwHighDateTime=0x1d70881, ftLastWriteTime.dwLowDateTime=0x55ee1a30, ftLastWriteTime.dwHighDateTime=0x1d70881, nFileSizeHigh=0x0, nFileSizeLow=0x11216, dwReserved0=0x0, dwReserved1=0x0, cFileName="bNvBM12ZP88xhuWaAeV.docx", cAlternateFileName="BNVBM1~1.DOC")) returned 1 [0095.486] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df2a550, ftCreationTime.dwHighDateTime=0x1d701f0, ftLastAccessTime.dwLowDateTime=0x9cbdcb20, ftLastAccessTime.dwHighDateTime=0x1d708f6, ftLastWriteTime.dwLowDateTime=0x9cbdcb20, ftLastWriteTime.dwHighDateTime=0x1d708f6, nFileSizeHigh=0x0, nFileSizeLow=0x18365, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ke4Xu6HrzU4nsA9.doc", cAlternateFileName="KE4XU6~1.DOC")) returned 1 [0095.487] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed17ebf0, ftCreationTime.dwHighDateTime=0x1d6ff9b, ftLastAccessTime.dwLowDateTime=0x6bf3b860, ftLastAccessTime.dwHighDateTime=0x1d701b2, ftLastWriteTime.dwLowDateTime=0x6bf3b860, ftLastWriteTime.dwHighDateTime=0x1d701b2, nFileSizeHigh=0x0, nFileSizeLow=0x77dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="WmDqkoE85dUrhaVe.pps", cAlternateFileName="WMDQKO~1.PPS")) returned 1 [0095.487] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x1283192c | out: lpFindFileData=0x1283192c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.487] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0095.487] VirtualAlloc (lpAddress=0x12d26000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d26000 [0095.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x128319b4 | out: lpFileInformation=0x128319b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.487] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0095.487] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x30c [0095.488] GetConsoleMode (in: hConsoleHandle=0x30c, lpMode=0x12831bcc | out: lpMode=0x12831bcc) returned 0 [0095.488] GetFileType (hFile=0x30c) returned 0x1 [0095.488] WriteFile (in: hFile=0x30c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831bbc, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831bbc*=0x2b8, lpOverlapped=0x0) returned 1 [0095.489] CloseHandle (hObject=0x30c) returned 1 [0095.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\Ke4Xu6HrzU4nsA9.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\ke4xu6hrzu4nsa9.doc"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df2a550, ftCreationTime.dwHighDateTime=0x1d701f0, ftLastAccessTime.dwLowDateTime=0x9cbdcb20, ftLastAccessTime.dwHighDateTime=0x1d708f6, ftLastWriteTime.dwLowDateTime=0x9cbdcb20, ftLastWriteTime.dwHighDateTime=0x1d708f6, nFileSizeHigh=0x0, nFileSizeLow=0x18365)) returned 1 [0095.489] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128f5420*, nNumberOfCharsToWrite=0x69, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x128f5420*, lpNumberOfCharsWritten=0x12831710*=0x69) returned 1 [0095.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\wmdqkoe85durhave.pps"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed17ebf0, ftCreationTime.dwHighDateTime=0x1d6ff9b, ftLastAccessTime.dwLowDateTime=0x6bf3b860, ftLastAccessTime.dwHighDateTime=0x1d701b2, ftLastWriteTime.dwLowDateTime=0x6bf3b860, ftLastWriteTime.dwHighDateTime=0x1d701b2, nFileSizeHigh=0x0, nFileSizeLow=0x77dd)) returned 1 [0095.501] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128f5500*, nNumberOfCharsToWrite=0x6a, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x128f5500*, lpNumberOfCharsWritten=0x12831710*=0x6a) returned 1 [0095.515] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0095.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\aiei3.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\aiei3.doc"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1ba4da0, ftCreationTime.dwHighDateTime=0x1d706f7, ftLastAccessTime.dwLowDateTime=0xa7525ef0, ftLastAccessTime.dwHighDateTime=0x1d70961, ftLastWriteTime.dwLowDateTime=0xa7525ef0, ftLastWriteTime.dwHighDateTime=0x1d70961, nFileSizeHigh=0x0, nFileSizeLow=0x8f9f)) returned 1 [0095.539] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d20c0*, nNumberOfCharsToWrite=0x5f, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x128d20c0*, lpNumberOfCharsWritten=0x12831710*=0x5f) returned 1 [0095.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\bnvbm12zp88xhuwaaev.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8765add0, ftCreationTime.dwHighDateTime=0x1d7082c, ftLastAccessTime.dwLowDateTime=0x55ee1a30, ftLastAccessTime.dwHighDateTime=0x1d70881, ftLastWriteTime.dwLowDateTime=0x55ee1a30, ftLastWriteTime.dwHighDateTime=0x1d70881, nFileSizeHigh=0x0, nFileSizeLow=0x11216)) returned 1 [0095.556] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128f40e0*, nNumberOfCharsToWrite=0x6e, lpNumberOfCharsWritten=0x12831710, lpReserved=0x0 | out: lpBuffer=0x128f40e0*, lpNumberOfCharsWritten=0x12831710*=0x6e) returned 1 [0095.580] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\m9rQ-Zp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\m9rq-zp.xls"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8d39c80, ftCreationTime.dwHighDateTime=0x1d7087d, ftLastAccessTime.dwLowDateTime=0xe14fdaa0, ftLastAccessTime.dwHighDateTime=0x1d708c7, ftLastWriteTime.dwLowDateTime=0xe14fdaa0, ftLastWriteTime.dwHighDateTime=0x1d708c7, nFileSizeHigh=0x0, nFileSizeLow=0xe72b)) returned 1 [0095.580] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4000*, nNumberOfCharsToWrite=0x4e, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x129a4000*, lpNumberOfCharsWritten=0x12831778*=0x4e) returned 1 [0095.598] SetEvent (hEvent=0x200) returned 1 [0095.598] VirtualAlloc (lpAddress=0x12daa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12daa000 [0095.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\zZgXN8tXya.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\zzgxn8txya.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ecb8eb0, ftCreationTime.dwHighDateTime=0x1d70262, ftLastAccessTime.dwLowDateTime=0x3858da80, ftLastAccessTime.dwHighDateTime=0x1d704c3, ftLastWriteTime.dwLowDateTime=0x3858da80, ftLastWriteTime.dwHighDateTime=0x1d704c3, nFileSizeHigh=0x0, nFileSizeLow=0x10a7a)) returned 1 [0095.598] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1288e160*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x1288e160*, lpNumberOfCharsWritten=0x12831778*=0x52) returned 1 [0095.620] SetEvent (hEvent=0x200) returned 1 [0095.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\5m1S6Vhyy.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\5m1s6vhyy.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0cdfc40, ftCreationTime.dwHighDateTime=0x1d6ff0a, ftLastAccessTime.dwLowDateTime=0x69ab7950, ftLastAccessTime.dwHighDateTime=0x1d70363, ftLastWriteTime.dwLowDateTime=0x69ab7950, ftLastWriteTime.dwHighDateTime=0x1d70363, nFileSizeHigh=0x0, nFileSizeLow=0xfdbe)) returned 1 [0095.621] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a4140*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x129a4140*, lpNumberOfCharsWritten=0x128317e0*=0x49) returned 1 [0095.640] SetEvent (hEvent=0x200) returned 1 [0095.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3324d400, ftCreationTime.dwHighDateTime=0x1d709d3, ftLastAccessTime.dwLowDateTime=0x9d2fc2f0, ftLastAccessTime.dwHighDateTime=0x1d70a0b, ftLastWriteTime.dwLowDateTime=0x9d2fc2f0, ftLastWriteTime.dwHighDateTime=0x1d70a0b, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0095.640] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0095.641] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3324d400, ftCreationTime.dwHighDateTime=0x1d709d3, ftLastAccessTime.dwLowDateTime=0x9d2fc2f0, ftLastAccessTime.dwHighDateTime=0x1d70a0b, ftLastWriteTime.dwLowDateTime=0x9d2fc2f0, ftLastWriteTime.dwHighDateTime=0x1d70a0b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3324d400, ftCreationTime.dwHighDateTime=0x1d709d3, ftLastAccessTime.dwLowDateTime=0x9d2fc2f0, ftLastAccessTime.dwHighDateTime=0x1d70a0b, ftLastWriteTime.dwLowDateTime=0x9d2fc2f0, ftLastWriteTime.dwHighDateTime=0x1d70a0b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee3e0e10, ftCreationTime.dwHighDateTime=0x1d7025c, ftLastAccessTime.dwLowDateTime=0x26b623e0, ftLastAccessTime.dwHighDateTime=0x1d708b6, ftLastWriteTime.dwLowDateTime=0x26b623e0, ftLastWriteTime.dwHighDateTime=0x1d708b6, nFileSizeHigh=0x0, nFileSizeLow=0x5872, dwReserved0=0x0, dwReserved1=0x0, cFileName="-3H43 g4.rtf", cAlternateFileName="-3H43G~1.RTF")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fe64510, ftCreationTime.dwHighDateTime=0x1d6ff8b, ftLastAccessTime.dwLowDateTime=0x65dda440, ftLastAccessTime.dwHighDateTime=0x1d705db, ftLastWriteTime.dwLowDateTime=0x65dda440, ftLastWriteTime.dwHighDateTime=0x1d705db, nFileSizeHigh=0x0, nFileSizeLow=0xb5dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="0HS-m8AnET_.csv", cAlternateFileName="0HS-M8~1.CSV")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x352e4110, ftCreationTime.dwHighDateTime=0x1d700ea, ftLastAccessTime.dwLowDateTime=0x8a0bf090, ftLastAccessTime.dwHighDateTime=0x1d708da, ftLastWriteTime.dwLowDateTime=0x8a0bf090, ftLastWriteTime.dwHighDateTime=0x1d708da, nFileSizeHigh=0x0, nFileSizeLow=0x926c, dwReserved0=0x0, dwReserved1=0x0, cFileName="3evmoN uAcG8aZ.doc", cAlternateFileName="3EVMON~1.DOC")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f2fa4f0, ftCreationTime.dwHighDateTime=0x1d6fbf1, ftLastAccessTime.dwLowDateTime=0x193040c0, ftLastAccessTime.dwHighDateTime=0x1d7050f, ftLastWriteTime.dwLowDateTime=0x193040c0, ftLastWriteTime.dwHighDateTime=0x1d7050f, nFileSizeHigh=0x0, nFileSizeLow=0x6471, dwReserved0=0x0, dwReserved1=0x0, cFileName="aMrWoUh.pdf", cAlternateFileName="")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53adc4e0, ftCreationTime.dwHighDateTime=0x1d706c5, ftLastAccessTime.dwLowDateTime=0x2aea26a0, ftLastAccessTime.dwHighDateTime=0x1d70924, ftLastWriteTime.dwLowDateTime=0x2aea26a0, ftLastWriteTime.dwHighDateTime=0x1d70924, nFileSizeHigh=0x0, nFileSizeLow=0x2607, dwReserved0=0x0, dwReserved1=0x0, cFileName="CmqUn.odp", cAlternateFileName="")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64206930, ftCreationTime.dwHighDateTime=0x1d6ff5f, ftLastAccessTime.dwLowDateTime=0xf7f2b3f0, ftLastAccessTime.dwHighDateTime=0x1d7044d, ftLastWriteTime.dwLowDateTime=0xf7f2b3f0, ftLastWriteTime.dwHighDateTime=0x1d7044d, nFileSizeHigh=0x0, nFileSizeLow=0x15783, dwReserved0=0x0, dwReserved1=0x0, cFileName="keqkXJmj_XVc8NkMC.rtf", cAlternateFileName="KEQKXJ~1.RTF")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c57f930, ftCreationTime.dwHighDateTime=0x1d6facc, ftLastAccessTime.dwLowDateTime=0x5359fbc0, ftLastAccessTime.dwHighDateTime=0x1d6ffc3, ftLastWriteTime.dwLowDateTime=0x5359fbc0, ftLastWriteTime.dwHighDateTime=0x1d6ffc3, nFileSizeHigh=0x0, nFileSizeLow=0x99fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kyrmv4S.odt", cAlternateFileName="")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa2c6a80, ftCreationTime.dwHighDateTime=0x1d706af, ftLastAccessTime.dwLowDateTime=0xed5ced70, ftLastAccessTime.dwHighDateTime=0x1d7085d, ftLastWriteTime.dwLowDateTime=0xed5ced70, ftLastWriteTime.dwHighDateTime=0x1d7085d, nFileSizeHigh=0x0, nFileSizeLow=0xc248, dwReserved0=0x0, dwReserved1=0x0, cFileName="q8eTg6wNzG.odt", cAlternateFileName="Q8ETG6~1.ODT")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b451000, ftCreationTime.dwHighDateTime=0x1d6fea5, ftLastAccessTime.dwLowDateTime=0x7e5160b0, ftLastAccessTime.dwHighDateTime=0x1d70348, ftLastWriteTime.dwLowDateTime=0x7e5160b0, ftLastWriteTime.dwHighDateTime=0x1d70348, nFileSizeHigh=0x0, nFileSizeLow=0x15d20, dwReserved0=0x0, dwReserved1=0x0, cFileName="ve5SvDA4.ods", cAlternateFileName="")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74eab500, ftCreationTime.dwHighDateTime=0x1d7058f, ftLastAccessTime.dwLowDateTime=0xb6da5890, ftLastAccessTime.dwHighDateTime=0x1d708b3, ftLastWriteTime.dwLowDateTime=0xb6da5890, ftLastWriteTime.dwHighDateTime=0x1d708b3, nFileSizeHigh=0x0, nFileSizeLow=0xc17d, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8rkdvIeu_ne.odp", cAlternateFileName="Y8RKDV~1.ODP")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x502b35d0, ftCreationTime.dwHighDateTime=0x1d703fc, ftLastAccessTime.dwLowDateTime=0xe0d80270, ftLastAccessTime.dwHighDateTime=0x1d7061d, ftLastWriteTime.dwLowDateTime=0xe0d80270, ftLastWriteTime.dwHighDateTime=0x1d7061d, nFileSizeHigh=0x0, nFileSizeLow=0x140d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="yrCi4R1znEIIicM.ods", cAlternateFileName="YRCI4R~1.ODS")) returned 1 [0095.641] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.641] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0095.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.641] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0095.641] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.642] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0095.642] GetFileType (hFile=0x310) returned 0x1 [0095.642] WriteFile (in: hFile=0x310, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0095.643] CloseHandle (hObject=0x310) returned 1 [0095.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\-3h43 g4.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee3e0e10, ftCreationTime.dwHighDateTime=0x1d7025c, ftLastAccessTime.dwLowDateTime=0x26b623e0, ftLastAccessTime.dwHighDateTime=0x1d708b6, ftLastWriteTime.dwLowDateTime=0x26b623e0, ftLastWriteTime.dwHighDateTime=0x1d708b6, nFileSizeHigh=0x0, nFileSizeLow=0x5872)) returned 1 [0095.643] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d8e540*, nNumberOfCharsToWrite=0x5c, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12d8e540*, lpNumberOfCharsWritten=0x12831778*=0x5c) returned 1 [0095.664] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\0HS-m8AnET_.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\0hs-m8anet_.csv"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1fe64510, ftCreationTime.dwHighDateTime=0x1d6ff8b, ftLastAccessTime.dwLowDateTime=0x65dda440, ftLastAccessTime.dwHighDateTime=0x1d705db, ftLastWriteTime.dwLowDateTime=0x65dda440, ftLastWriteTime.dwHighDateTime=0x1d705db, nFileSizeHigh=0x0, nFileSizeLow=0xb5dd)) returned 1 [0095.664] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2240*, nNumberOfCharsToWrite=0x5f, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d2240*, lpNumberOfCharsWritten=0x12831778*=0x5f) returned 1 [0095.682] SetEvent (hEvent=0x20c) returned 1 [0095.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\3evmoN uAcG8aZ.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\3evmon uacg8az.doc"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x352e4110, ftCreationTime.dwHighDateTime=0x1d700ea, ftLastAccessTime.dwLowDateTime=0x8a0bf090, ftLastAccessTime.dwHighDateTime=0x1d708da, ftLastWriteTime.dwLowDateTime=0x8a0bf090, ftLastWriteTime.dwHighDateTime=0x1d708da, nFileSizeHigh=0x0, nFileSizeLow=0x926c)) returned 1 [0095.682] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d20a90*, nNumberOfCharsToWrite=0x62, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12d20a90*, lpNumberOfCharsWritten=0x12831778*=0x62) returned 1 [0095.731] SetEvent (hEvent=0x20c) returned 1 [0095.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\CmqUn.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\cmqun.odp"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53adc4e0, ftCreationTime.dwHighDateTime=0x1d706c5, ftLastAccessTime.dwLowDateTime=0x2aea26a0, ftLastAccessTime.dwHighDateTime=0x1d70924, ftLastWriteTime.dwLowDateTime=0x2aea26a0, ftLastWriteTime.dwHighDateTime=0x1d70924, nFileSizeHigh=0x0, nFileSizeLow=0x2607)) returned 1 [0095.732] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c32370*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12c32370*, lpNumberOfCharsWritten=0x12831778*=0x58) returned 1 [0095.749] SetEvent (hEvent=0x20c) returned 1 [0095.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\kyrmv4s.odt"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c57f930, ftCreationTime.dwHighDateTime=0x1d6facc, ftLastAccessTime.dwLowDateTime=0x5359fbc0, ftLastAccessTime.dwHighDateTime=0x1d6ffc3, ftLastWriteTime.dwLowDateTime=0x5359fbc0, ftLastWriteTime.dwHighDateTime=0x1d6ffc3, nFileSizeHigh=0x0, nFileSizeLow=0x99fc)) returned 1 [0095.749] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d23c0*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d23c0*, lpNumberOfCharsWritten=0x12831778*=0x5b) returned 1 [0095.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\aMrWoUh.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\amrwouh.pdf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f2fa4f0, ftCreationTime.dwHighDateTime=0x1d6fbf1, ftLastAccessTime.dwLowDateTime=0x193040c0, ftLastAccessTime.dwHighDateTime=0x1d7050f, ftLastWriteTime.dwLowDateTime=0x193040c0, ftLastWriteTime.dwHighDateTime=0x1d7050f, nFileSizeHigh=0x0, nFileSizeLow=0x6471)) returned 1 [0095.774] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2480*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d2480*, lpNumberOfCharsWritten=0x12831778*=0x5b) returned 1 [0095.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\keqkXJmj_XVc8NkMC.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\keqkxjmj_xvc8nkmc.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64206930, ftCreationTime.dwHighDateTime=0x1d6ff5f, ftLastAccessTime.dwLowDateTime=0xf7f2b3f0, ftLastAccessTime.dwHighDateTime=0x1d7044d, ftLastWriteTime.dwLowDateTime=0xf7f2b3f0, ftLastWriteTime.dwHighDateTime=0x1d7044d, nFileSizeHigh=0x0, nFileSizeLow=0x15783)) returned 1 [0095.794] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d20b60*, nNumberOfCharsToWrite=0x65, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12d20b60*, lpNumberOfCharsWritten=0x12831778*=0x65) returned 1 [0095.814] SetEvent (hEvent=0x200) returned 1 [0095.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\q8eTg6wNzG.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\q8etg6wnzg.odt"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa2c6a80, ftCreationTime.dwHighDateTime=0x1d706af, ftLastAccessTime.dwLowDateTime=0xed5ced70, ftLastAccessTime.dwHighDateTime=0x1d7085d, ftLastWriteTime.dwLowDateTime=0xed5ced70, ftLastWriteTime.dwHighDateTime=0x1d7085d, nFileSizeHigh=0x0, nFileSizeLow=0xc248)) returned 1 [0095.815] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2600*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d2600*, lpNumberOfCharsWritten=0x12831778*=0x5e) returned 1 [0095.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\ve5SvDA4.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\ve5svda4.ods"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b451000, ftCreationTime.dwHighDateTime=0x1d6fea5, ftLastAccessTime.dwLowDateTime=0x7e5160b0, ftLastAccessTime.dwHighDateTime=0x1d70348, ftLastWriteTime.dwLowDateTime=0x7e5160b0, ftLastWriteTime.dwHighDateTime=0x1d70348, nFileSizeHigh=0x0, nFileSizeLow=0x15d20)) returned 1 [0095.849] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d26c0*, nNumberOfCharsToWrite=0x5c, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d26c0*, lpNumberOfCharsWritten=0x12831778*=0x5c) returned 1 [0095.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\y8rkdvieu_ne.odp"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74eab500, ftCreationTime.dwHighDateTime=0x1d7058f, ftLastAccessTime.dwLowDateTime=0xb6da5890, ftLastAccessTime.dwHighDateTime=0x1d708b3, ftLastWriteTime.dwLowDateTime=0xb6da5890, ftLastWriteTime.dwHighDateTime=0x1d708b3, nFileSizeHigh=0x0, nFileSizeLow=0xc17d)) returned 1 [0095.871] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d8ecc0*, nNumberOfCharsToWrite=0x60, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12d8ecc0*, lpNumberOfCharsWritten=0x12831778*=0x60) returned 1 [0095.895] SetEvent (hEvent=0x2ec) returned 1 [0095.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\yrCi4R1znEIIicM.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\yrci4r1zneiiicm.ods"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x502b35d0, ftCreationTime.dwHighDateTime=0x1d703fc, ftLastAccessTime.dwLowDateTime=0xe0d80270, ftLastAccessTime.dwHighDateTime=0x1d7061d, ftLastWriteTime.dwLowDateTime=0xe0d80270, ftLastWriteTime.dwHighDateTime=0x1d7061d, nFileSizeHigh=0x0, nFileSizeLow=0x140d2)) returned 1 [0095.895] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d9c5b0*, nNumberOfCharsToWrite=0x63, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12d9c5b0*, lpNumberOfCharsWritten=0x12831778*=0x63) returned 1 [0095.921] VirtualAlloc (lpAddress=0x12cee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cee000 [0095.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26a2f180, ftCreationTime.dwHighDateTime=0x1d6faf6, ftLastAccessTime.dwLowDateTime=0x51660e0, ftLastAccessTime.dwHighDateTime=0x1d6fcd3, ftLastWriteTime.dwLowDateTime=0x51660e0, ftLastWriteTime.dwHighDateTime=0x1d6fcd3, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0095.921] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0095.921] VirtualAlloc (lpAddress=0x12cf0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cf0000 [0095.922] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\*", lpFindFileData=0x12831998 | out: lpFindFileData=0x12831998*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26a2f180, ftCreationTime.dwHighDateTime=0x1d6faf6, ftLastAccessTime.dwLowDateTime=0x51660e0, ftLastAccessTime.dwHighDateTime=0x1d6fcd3, ftLastWriteTime.dwLowDateTime=0x51660e0, ftLastWriteTime.dwHighDateTime=0x1d6fcd3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0095.922] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x26a2f180, ftCreationTime.dwHighDateTime=0x1d6faf6, ftLastAccessTime.dwLowDateTime=0x51660e0, ftLastAccessTime.dwHighDateTime=0x1d6fcd3, ftLastWriteTime.dwLowDateTime=0x51660e0, ftLastWriteTime.dwHighDateTime=0x1d6fcd3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.922] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723e8cd0, ftCreationTime.dwHighDateTime=0x1d701d6, ftLastAccessTime.dwLowDateTime=0xe53a4b70, ftLastAccessTime.dwHighDateTime=0x1d704ba, ftLastWriteTime.dwLowDateTime=0xe53a4b70, ftLastWriteTime.dwHighDateTime=0x1d704ba, nFileSizeHigh=0x0, nFileSizeLow=0x73f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="C0S2WHYz.ppt", cAlternateFileName="")) returned 1 [0095.922] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe94aad0, ftCreationTime.dwHighDateTime=0x1d6fdcf, ftLastAccessTime.dwLowDateTime=0x1fe03d70, ftLastAccessTime.dwHighDateTime=0x1d6fdd1, ftLastWriteTime.dwLowDateTime=0x1fe03d70, ftLastWriteTime.dwHighDateTime=0x1d6fdd1, nFileSizeHigh=0x0, nFileSizeLow=0x12c17, dwReserved0=0x0, dwReserved1=0x0, cFileName="JnOi1dEaD9FVdj5H8I.docx", cAlternateFileName="JNOI1D~1.DOC")) returned 1 [0095.922] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b242bd0, ftCreationTime.dwHighDateTime=0x1d6fef8, ftLastAccessTime.dwLowDateTime=0x80b01910, ftLastAccessTime.dwHighDateTime=0x1d70207, ftLastWriteTime.dwLowDateTime=0x80b01910, ftLastWriteTime.dwHighDateTime=0x1d70207, nFileSizeHigh=0x0, nFileSizeLow=0x10cb9, dwReserved0=0x0, dwReserved1=0x0, cFileName="kaeNBPAsAQQV.xlsx", cAlternateFileName="KAENBP~1.XLS")) returned 1 [0095.922] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0d157b0, ftCreationTime.dwHighDateTime=0x1d70328, ftLastAccessTime.dwLowDateTime=0x5990e900, ftLastAccessTime.dwHighDateTime=0x1d708b9, ftLastWriteTime.dwLowDateTime=0x5990e900, ftLastWriteTime.dwHighDateTime=0x1d708b9, nFileSizeHigh=0x0, nFileSizeLow=0x9db2, dwReserved0=0x0, dwReserved1=0x0, cFileName="sPOK hNDt-tgCki.rtf", cAlternateFileName="SPOKHN~1.RTF")) returned 1 [0095.922] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfd21800, ftCreationTime.dwHighDateTime=0x1d70458, ftLastAccessTime.dwLowDateTime=0xa00dcdb0, ftLastAccessTime.dwHighDateTime=0x1d7050a, ftLastWriteTime.dwLowDateTime=0xa00dcdb0, ftLastWriteTime.dwHighDateTime=0x1d7050a, nFileSizeHigh=0x0, nFileSizeLow=0x4178, dwReserved0=0x0, dwReserved1=0x0, cFileName="uIuruq649yUtUP0eXHg7.pps", cAlternateFileName="UIURUQ~1.PPS")) returned 1 [0095.922] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831994 | out: lpFindFileData=0x12831994*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.922] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0095.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a1c | out: lpFileInformation=0x12831a1c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.922] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0095.923] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0095.923] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0x12831c34 | out: lpMode=0x12831c34) returned 0 [0095.923] GetFileType (hFile=0x28c) returned 0x1 [0095.923] WriteFile (in: hFile=0x28c, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c24, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c24*=0x2b8, lpOverlapped=0x0) returned 1 [0095.924] CloseHandle (hObject=0x28c) returned 1 [0095.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\c0s2whyz.ppt"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723e8cd0, ftCreationTime.dwHighDateTime=0x1d701d6, ftLastAccessTime.dwLowDateTime=0xe53a4b70, ftLastAccessTime.dwHighDateTime=0x1d704ba, ftLastWriteTime.dwLowDateTime=0xe53a4b70, ftLastWriteTime.dwHighDateTime=0x1d704ba, nFileSizeHigh=0x0, nFileSizeLow=0x73f7)) returned 1 [0095.924] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1286c640*, nNumberOfCharsToWrite=0x4d, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x1286c640*, lpNumberOfCharsWritten=0x12831778*=0x4d) returned 1 [0095.964] SetEvent (hEvent=0x2b4) returned 1 [0095.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\JnOi1dEaD9FVdj5H8I.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\jnoi1dead9fvdj5h8i.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe94aad0, ftCreationTime.dwHighDateTime=0x1d6fdcf, ftLastAccessTime.dwLowDateTime=0x1fe03d70, ftLastAccessTime.dwHighDateTime=0x1d6fdd1, ftLastWriteTime.dwLowDateTime=0x1fe03d70, ftLastWriteTime.dwHighDateTime=0x1d6fdd1, nFileSizeHigh=0x0, nFileSizeLow=0x12c17)) returned 1 [0095.964] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d251e0*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12d251e0*, lpNumberOfCharsWritten=0x12831778*=0x58) returned 1 [0095.983] SetEvent (hEvent=0x2b4) returned 1 [0095.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\kaenbpasaqqv.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b242bd0, ftCreationTime.dwHighDateTime=0x1d6fef8, ftLastAccessTime.dwLowDateTime=0x80b01910, ftLastAccessTime.dwHighDateTime=0x1d70207, ftLastWriteTime.dwLowDateTime=0x80b01910, ftLastWriteTime.dwHighDateTime=0x1d70207, nFileSizeHigh=0x0, nFileSizeLow=0x10cb9)) returned 1 [0095.983] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c68b00*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12c68b00*, lpNumberOfCharsWritten=0x12831778*=0x52) returned 1 [0096.008] SetEvent (hEvent=0x2b4) returned 1 [0096.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\spok hndt-tgcki.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0d157b0, ftCreationTime.dwHighDateTime=0x1d70328, ftLastAccessTime.dwLowDateTime=0x5990e900, ftLastAccessTime.dwHighDateTime=0x1d708b9, ftLastWriteTime.dwLowDateTime=0x5990e900, ftLastWriteTime.dwHighDateTime=0x1d708b9, nFileSizeHigh=0x0, nFileSizeLow=0x9db2)) returned 1 [0096.008] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c68bb0*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12c68bb0*, lpNumberOfCharsWritten=0x12831778*=0x54) returned 1 [0096.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\uiuruq649yutup0exhg7.pps"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfd21800, ftCreationTime.dwHighDateTime=0x1d70458, ftLastAccessTime.dwLowDateTime=0xa00dcdb0, ftLastAccessTime.dwHighDateTime=0x1d7050a, ftLastWriteTime.dwLowDateTime=0xa00dcdb0, ftLastWriteTime.dwHighDateTime=0x1d7050a, nFileSizeHigh=0x0, nFileSizeLow=0x4178)) returned 1 [0096.030] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2840*, nNumberOfCharsToWrite=0x59, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x128d2840*, lpNumberOfCharsWritten=0x12831778*=0x59) returned 1 [0096.053] SetEvent (hEvent=0x28c) returned 1 [0096.053] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\byAxU_QdeSYuBunRt.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\byaxu_qdesyubunrt.csv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8212f2f0, ftCreationTime.dwHighDateTime=0x1d6ff1e, ftLastAccessTime.dwLowDateTime=0xc805eb60, ftLastAccessTime.dwHighDateTime=0x1d6ff86, ftLastWriteTime.dwLowDateTime=0xc805eb60, ftLastWriteTime.dwHighDateTime=0x1d6ff86, nFileSizeHigh=0x0, nFileSizeLow=0x10ce9)) returned 1 [0096.053] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12d38500*, nNumberOfCharsToWrite=0x50, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12d38500*, lpNumberOfCharsWritten=0x128317e0*=0x50) returned 1 [0096.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\uk0z.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf47ed280, ftCreationTime.dwHighDateTime=0x1d700e2, ftLastAccessTime.dwLowDateTime=0x44157a50, ftLastAccessTime.dwHighDateTime=0x1d7030f, ftLastWriteTime.dwLowDateTime=0x44157a50, ftLastWriteTime.dwHighDateTime=0x1d7030f, nFileSizeHigh=0x0, nFileSizeLow=0x13b09)) returned 1 [0096.070] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292e090*, nNumberOfCharsToWrite=0x44, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1292e090*, lpNumberOfCharsWritten=0x128317e0*=0x44) returned 1 [0096.092] SetEvent (hEvent=0x2ec) returned 1 [0096.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\h09vzhhjy701zn.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b5d6e30, ftCreationTime.dwHighDateTime=0x1d70394, ftLastAccessTime.dwLowDateTime=0x81734690, ftLastAccessTime.dwHighDateTime=0x1d704bb, ftLastWriteTime.dwLowDateTime=0x81734690, ftLastWriteTime.dwHighDateTime=0x1d704bb, nFileSizeHigh=0x0, nFileSizeLow=0x13c0c)) returned 1 [0096.092] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12800980*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12800980*, lpNumberOfCharsWritten=0x12831848*=0x3a) returned 1 [0096.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\HZH9ZrMuSr.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\hzh9zrmusr.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x626730a0, ftCreationTime.dwHighDateTime=0x1d68e86, ftLastAccessTime.dwLowDateTime=0x1eff9a10, ftLastAccessTime.dwHighDateTime=0x1d6ef2e, ftLastWriteTime.dwLowDateTime=0x1eff9a10, ftLastWriteTime.dwHighDateTime=0x1d6ef2e, nFileSizeHigh=0x0, nFileSizeLow=0xdd0d)) returned 1 [0096.116] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce1c0*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce1c0*, lpNumberOfCharsWritten=0x12831848*=0x36) returned 1 [0096.135] SetEvent (hEvent=0xfc) returned 1 [0096.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i-bk4yvgg1b.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe04e3b40, ftCreationTime.dwHighDateTime=0x1d70568, ftLastAccessTime.dwLowDateTime=0xd0fb4fb0, ftLastAccessTime.dwHighDateTime=0x1d70a19, ftLastWriteTime.dwLowDateTime=0xd0fb4fb0, ftLastWriteTime.dwHighDateTime=0x1d70a19, nFileSizeHigh=0x0, nFileSizeLow=0x2fe5)) returned 1 [0096.135] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce230*, nNumberOfCharsToWrite=0x36, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce230*, lpNumberOfCharsWritten=0x12831848*=0x36) returned 1 [0096.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyucj2s2ooss7kdi.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef6ba80, ftCreationTime.dwHighDateTime=0x1d6b154, ftLastAccessTime.dwLowDateTime=0xa957ee0, ftLastAccessTime.dwHighDateTime=0x1d6b8b1, ftLastWriteTime.dwLowDateTime=0xa957ee0, ftLastWriteTime.dwHighDateTime=0x1d6b8b1, nFileSizeHigh=0x0, nFileSizeLow=0x14218)) returned 1 [0096.155] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882180*, nNumberOfCharsToWrite=0x3c, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12882180*, lpNumberOfCharsWritten=0x12831848*=0x3c) returned 1 [0096.172] SetEvent (hEvent=0x2ec) returned 1 [0096.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.172] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x308 [0096.172] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0096.173] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0096.173] CloseHandle (hObject=0x308) returned 1 [0096.173] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292a8a0*, nNumberOfCharsToWrite=0x2b, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x1292a8a0*, lpNumberOfCharsWritten=0x12831848*=0x2b) returned 1 [0096.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.197] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x308 [0096.197] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0096.197] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0096.197] CloseHandle (hObject=0x308) returned 1 [0096.198] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12997440*, nNumberOfCharsToWrite=0x2e, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12997440*, lpNumberOfCharsWritten=0x12831848*=0x2e) returned 1 [0096.208] SetEvent (hEvent=0x314) returned 1 [0096.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.208] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x308 [0096.208] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0x12831ad8 | out: lpFileInformation=0x12831ad8) returned 1 [0096.208] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0x12831ad0, dwBufferSize=0x8 | out: lpFileInformation=0x12831ad0) returned 1 [0096.208] CloseHandle (hObject=0x308) returned 1 [0096.211] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12997500*, nNumberOfCharsToWrite=0x2c, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12997500*, lpNumberOfCharsWritten=0x12831848*=0x2c) returned 1 [0096.221] SetEvent (hEvent=0x314) returned 1 [0096.221] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\n11qwtglg.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1dbf9a0, ftCreationTime.dwHighDateTime=0x1d70a43, ftLastAccessTime.dwLowDateTime=0x6cb9bea0, ftLastAccessTime.dwHighDateTime=0x1d70a51, ftLastWriteTime.dwLowDateTime=0x6cb9bea0, ftLastWriteTime.dwHighDateTime=0x1d70a51, nFileSizeHigh=0x0, nFileSizeLow=0x12060)) returned 1 [0096.221] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6d20*, nNumberOfCharsToWrite=0x35, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6d20*, lpNumberOfCharsWritten=0x12831848*=0x35) returned 1 [0096.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x878c65f2, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878c65f2, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.235] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.235] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878c65f2, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0096.236] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878c65f2, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.236] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878917cb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="achoo@gdllo.de.pst", cAlternateFileName="ACHOO@~1.PST")) returned 1 [0096.236] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.236] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0096.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.236] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.236] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.236] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0096.236] GetFileType (hFile=0x308) returned 0x1 [0096.237] WriteFile (in: hFile=0x308, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0096.237] CloseHandle (hObject=0x308) returned 1 [0096.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878917cb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0096.238] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1292e2d0*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1292e2d0*, lpNumberOfCharsWritten=0x128317e0*=0x48) returned 1 [0096.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtkm6.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b04a3a0, ftCreationTime.dwHighDateTime=0x1d6c1f4, ftLastAccessTime.dwLowDateTime=0x56e99c80, ftLastAccessTime.dwHighDateTime=0x1d6e206, ftLastWriteTime.dwLowDateTime=0x56e99c80, ftLastWriteTime.dwHighDateTime=0x1d6e206, nFileSizeHigh=0x0, nFileSizeLow=0xbf6b)) returned 1 [0096.263] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6d90*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6d90*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0096.281] SetEvent (hEvent=0x200) returned 1 [0096.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xnu2rhf.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2e9ff20, ftCreationTime.dwHighDateTime=0x1d6be50, ftLastAccessTime.dwLowDateTime=0x1c3c3050, ftLastAccessTime.dwHighDateTime=0x1d6c368, ftLastWriteTime.dwLowDateTime=0x1c3c3050, ftLastWriteTime.dwHighDateTime=0x1d6c368, nFileSizeHigh=0x0, nFileSizeLow=0x7a25)) returned 1 [0096.282] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6e00*, nNumberOfCharsToWrite=0x33, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6e00*, lpNumberOfCharsWritten=0x12831848*=0x33) returned 1 [0096.324] SetEvent (hEvent=0x200) returned 1 [0096.324] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4372e947, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0096.324] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iNydqE6ZqnU-cP.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\inydqe6zqnu-cp.ppt"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x131081a0, ftCreationTime.dwHighDateTime=0x1d700d2, ftLastAccessTime.dwLowDateTime=0x18b86880, ftLastAccessTime.dwHighDateTime=0x1d70329, ftLastWriteTime.dwLowDateTime=0x18b86880, ftLastWriteTime.dwHighDateTime=0x1d70329, nFileSizeHigh=0x0, nFileSizeLow=0x1d05)) returned 1 [0096.325] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129361c0*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129361c0*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0096.348] SetEvent (hEvent=0x200) returned 1 [0096.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nlgykb7bvh6vfucya.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41e8eaa0, ftCreationTime.dwHighDateTime=0x1d6f70c, ftLastAccessTime.dwLowDateTime=0x7fd4b8a0, ftLastAccessTime.dwHighDateTime=0x1d70385, ftLastWriteTime.dwLowDateTime=0x7fd4b8a0, ftLastWriteTime.dwHighDateTime=0x1d70385, nFileSizeHigh=0x0, nFileSizeLow=0x6620)) returned 1 [0096.349] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882280*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12882280*, lpNumberOfCharsWritten=0x12831848*=0x3d) returned 1 [0096.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nzjdx.ods"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42b59320, ftCreationTime.dwHighDateTime=0x1d701c5, ftLastAccessTime.dwLowDateTime=0xfef70f50, ftLastAccessTime.dwHighDateTime=0x1d702fb, ftLastWriteTime.dwLowDateTime=0xfef70f50, ftLastWriteTime.dwHighDateTime=0x1d702fb, nFileSizeHigh=0x0, nFileSizeLow=0x14ef3)) returned 1 [0096.376] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129977a0*, nNumberOfCharsToWrite=0x30, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129977a0*, lpNumberOfCharsWritten=0x12831848*=0x30) returned 1 [0096.399] SetEvent (hEvent=0xfc) returned 1 [0096.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qkKxpDXlhMxB7c.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qkkxpdxlhmxb7c.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77d71060, ftCreationTime.dwHighDateTime=0x1d7065c, ftLastAccessTime.dwLowDateTime=0x695d19e0, ftLastAccessTime.dwHighDateTime=0x1d70903, ftLastWriteTime.dwLowDateTime=0x695d19e0, ftLastWriteTime.dwHighDateTime=0x1d70903, nFileSizeHigh=0x0, nFileSizeLow=0x14006)) returned 1 [0096.400] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970400*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12970400*, lpNumberOfCharsWritten=0x12831848*=0x3a) returned 1 [0096.425] SetEvent (hEvent=0xfc) returned 1 [0096.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vTz7ukVPLfFQ.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtz7ukvplffq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6774ae90, ftCreationTime.dwHighDateTime=0x1d6dff5, ftLastAccessTime.dwLowDateTime=0xa51a2ed0, ftLastAccessTime.dwHighDateTime=0x1d70135, ftLastWriteTime.dwLowDateTime=0xa51a2ed0, ftLastWriteTime.dwHighDateTime=0x1d70135, nFileSizeHigh=0x0, nFileSizeLow=0x7676)) returned 1 [0096.425] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129a6f50*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x129a6f50*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0096.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vktmabrajz6x.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc68f410, ftCreationTime.dwHighDateTime=0x1d7085d, ftLastAccessTime.dwLowDateTime=0xd21d5d50, ftLastAccessTime.dwHighDateTime=0x1d70a20, ftLastWriteTime.dwLowDateTime=0xd21d5d50, ftLastWriteTime.dwHighDateTime=0x1d70a20, nFileSizeHigh=0x0, nFileSizeLow=0xc377)) returned 1 [0096.444] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12814f50*, nNumberOfCharsToWrite=0x38, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12814f50*, lpNumberOfCharsWritten=0x12831848*=0x38) returned 1 [0096.467] SetEvent (hEvent=0x2ec) returned 1 [0096.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\wGU4.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wgu4.pps"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13b36560, ftCreationTime.dwHighDateTime=0x1d70685, ftLastAccessTime.dwLowDateTime=0x1fbfb360, ftLastAccessTime.dwHighDateTime=0x1d70764, ftLastWriteTime.dwLowDateTime=0x1fbfb360, ftLastWriteTime.dwHighDateTime=0x1d70764, nFileSizeHigh=0x0, nFileSizeLow=0x31e8)) returned 1 [0096.468] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12997860*, nNumberOfCharsToWrite=0x2f, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12997860*, lpNumberOfCharsWritten=0x12831848*=0x2f) returned 1 [0096.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xP-_L.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xp-_l.docx"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deb7730, ftCreationTime.dwHighDateTime=0x1d69e64, ftLastAccessTime.dwLowDateTime=0xb301a290, ftLastAccessTime.dwHighDateTime=0x1d700ad, ftLastWriteTime.dwLowDateTime=0xb301a290, ftLastWriteTime.dwHighDateTime=0x1d700ad, nFileSizeHigh=0x0, nFileSizeLow=0x10ec8)) returned 1 [0096.487] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ce690*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ce690*, lpNumberOfCharsWritten=0x12831848*=0x31) returned 1 [0096.507] SetEvent (hEvent=0xfc) returned 1 [0096.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.507] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.507] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0096.507] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.507] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0096.507] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.507] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0096.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.508] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.508] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.508] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0096.508] GetFileType (hFile=0x228) returned 0x1 [0096.508] WriteFile (in: hFile=0x228, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0096.509] CloseHandle (hObject=0x228) returned 1 [0096.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0096.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.510] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.510] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0096.510] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.510] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0096.510] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0096.510] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0096.510] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.510] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0096.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.510] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.510] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.511] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0096.511] GetFileType (hFile=0x228) returned 0x1 [0096.511] WriteFile (in: hFile=0x228, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0096.515] CloseHandle (hObject=0x228) returned 1 [0096.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0096.515] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128ca240*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x128ca240*, lpNumberOfCharsWritten=0x12831848*=0x2d) returned 1 [0096.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.536] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.536] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0096.536] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.536] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0096.536] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.536] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0096.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.537] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.537] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.537] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0096.537] GetFileType (hFile=0x228) returned 0x1 [0096.538] WriteFile (in: hFile=0x228, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0096.538] CloseHandle (hObject=0x228) returned 1 [0096.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x50)) returned 1 [0096.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0096.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links" (normalized: "c:\\users\\rdhj0cnfevzx\\links"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.539] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links" (normalized: "c:\\users\\rdhj0cnfevzx\\links"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0096.539] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\*", lpFindFileData=0x12831a68 | out: lpFindFileData=0x12831a68*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9bdc88 [0096.539] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.539] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0096.539] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x207, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0096.539] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0096.539] FindNextFileW (in: hFindFile=0x9bdc88, lpFindFileData=0x12831a64 | out: lpFindFileData=0x12831a64*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.540] FindClose (in: hFindFile=0x9bdc88 | out: hFindFile=0x9bdc88) returned 1 [0096.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831aec | out: lpFileInformation=0x12831aec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.540] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0096.540] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.540] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12831d04 | out: lpMode=0x12831d04) returned 0 [0096.540] GetFileType (hFile=0x228) returned 0x1 [0096.540] WriteFile (in: hFile=0x228, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831cf4, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831cf4*=0x2b8, lpOverlapped=0x0) returned 1 [0096.541] CloseHandle (hObject=0x228) returned 1 [0096.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x207)) returned 1 [0096.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), fInfoLevelId=0x0, lpFileInformation=0x129d5c44 | out: lpFileInformation=0x129d5c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0096.555] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url")) returned 0x20 [0096.556] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", dwFileAttributes=0x20) returned 1 [0096.556] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.556] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x129d5e88 | out: lpMode=0x129d5e88) returned 0 [0096.556] GetFileType (hFile=0x228) returned 0x1 [0096.556] SystemFunction036 (in: RandomBuffer=0x12be58d8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be58d8) returned 1 [0096.556] SystemFunction036 (in: RandomBuffer=0x12be58e8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be58e8) returned 1 [0096.556] GetFileType (hFile=0x228) returned 0x1 [0096.556] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.556] ReadFile (in: hFile=0x228, lpBuffer=0x129e2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d5e80, lpOverlapped=0x0 | out: lpBuffer=0x129e2000*, lpNumberOfBytesRead=0x129d5e80*=0xd0, lpOverlapped=0x0) returned 1 [0096.557] GetFileType (hFile=0x228) returned 0x1 [0096.557] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.557] WriteFile (in: hFile=0x228, lpBuffer=0x12998270*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0x129d5e78, lpOverlapped=0x0 | out: lpBuffer=0x12998270*, lpNumberOfBytesWritten=0x129d5e78*=0xd0, lpOverlapped=0x0) returned 1 [0096.557] GetFileType (hFile=0x228) returned 0x1 [0096.557] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d5e9c | out: lpNewFilePointer=0x0) returned 1 [0096.558] SystemFunction036 (in: RandomBuffer=0x12ced101, RandomBufferLength=0x40 | out: RandomBuffer=0x12ced101) returned 1 [0096.558] WriteFile (in: hFile=0x228, lpBuffer=0x1298e668*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e668*, lpNumberOfBytesWritten=0x129d5d88*=0x4, lpOverlapped=0x0) returned 1 [0096.558] WriteFile (in: hFile=0x228, lpBuffer=0x12ced200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d5d88, lpOverlapped=0x0 | out: lpBuffer=0x12ced200*, lpNumberOfBytesWritten=0x129d5d88*=0x100, lpOverlapped=0x0) returned 1 [0096.558] CloseHandle (hObject=0x228) returned 1 [0096.560] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url.crypted"), dwFlags=0x1) returned 1 [0096.572] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url")) returned 0xffffffff [0096.572] VirtualFree (lpAddress=0x12c50000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.573] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x33c6fa24, ulCount=0x10, ulNumEntriesRemoved=0x33c6fa0c, dwMilliseconds=0x2a, fAlertable=0 | out: lpCompletionPortEntries=0x33c6fa24, ulNumEntriesRemoved=0x33c6fa0c) returned 0 [0096.638] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.778] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.801] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.822] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.841] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.854] SetEvent (hEvent=0x298) returned 1 [0096.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\iwnwhtkanyqguz1s.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12913c44 | out: lpFileInformation=0x12913c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20c8fbf0, ftCreationTime.dwHighDateTime=0x1d6fd72, ftLastAccessTime.dwLowDateTime=0xd8472cc0, ftLastAccessTime.dwHighDateTime=0x1d6fd81, ftLastWriteTime.dwLowDateTime=0xd8472cc0, ftLastWriteTime.dwHighDateTime=0x1d6fd81, nFileSizeHigh=0x0, nFileSizeLow=0xb155)) returned 1 [0096.854] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\iwnwhtkanyqguz1s.m4a")) returned 0x20 [0096.854] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a", dwFileAttributes=0x20) returned 1 [0096.854] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\iwnwhtkanyqguz1s.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0096.854] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0x12913e88 | out: lpMode=0x12913e88) returned 0 [0096.854] GetFileType (hFile=0x2d4) returned 0x1 [0096.854] GetFileType (hFile=0x2d4) returned 0x1 [0096.854] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.855] ReadFile (in: hFile=0x2d4, lpBuffer=0x129003b4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12913d14, lpOverlapped=0x0 | out: lpBuffer=0x129003b4*, lpNumberOfBytesRead=0x12913d14*=0x4, lpOverlapped=0x0) returned 1 [0096.855] SystemFunction036 (in: RandomBuffer=0x12c915b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c915b8) returned 1 [0096.855] SystemFunction036 (in: RandomBuffer=0x12c915c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c915c8) returned 1 [0096.855] GetFileType (hFile=0x2d4) returned 0x1 [0096.855] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.855] ReadFile (in: hFile=0x2d4, lpBuffer=0x12a96000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12913e80, lpOverlapped=0x0 | out: lpBuffer=0x12a96000*, lpNumberOfBytesRead=0x12913e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.855] GetFileType (hFile=0x2d4) returned 0x1 [0096.855] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.855] WriteFile (in: hFile=0x2d4, lpBuffer=0x12a9a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12913e78, lpOverlapped=0x0 | out: lpBuffer=0x12a9a000*, lpNumberOfBytesWritten=0x12913e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.855] GetFileType (hFile=0x2d4) returned 0x1 [0096.856] SetFilePointerEx (in: hFile=0x2d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12913e9c | out: lpNewFilePointer=0x0) returned 1 [0096.856] SystemFunction036 (in: RandomBuffer=0x12c73e01, RandomBufferLength=0x40 | out: RandomBuffer=0x12c73e01) returned 1 [0096.856] WriteFile (in: hFile=0x2d4, lpBuffer=0x12900410*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x12900410*, lpNumberOfBytesWritten=0x12913d88*=0x4, lpOverlapped=0x0) returned 1 [0096.856] WriteFile (in: hFile=0x2d4, lpBuffer=0x12c73f00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12913d88, lpOverlapped=0x0 | out: lpBuffer=0x12c73f00*, lpNumberOfBytesWritten=0x12913d88*=0x100, lpOverlapped=0x0) returned 1 [0096.856] CloseHandle (hObject=0x2d4) returned 1 [0096.859] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\iwnwhtkanyqguz1s.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\iwnwhtkanyqguz1s.m4a.crypted"), dwFlags=0x1) returned 1 [0096.862] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\IwNwHTkANyQgUz1S.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\iwnwhtkanyqguz1s.m4a")) returned 0xffffffff [0096.862] VirtualFree (lpAddress=0x12c40000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.862] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.885] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.912] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.960] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.979] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0096.999] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.012] SetEvent (hEvent=0x1dc) returned 1 [0097.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\xjg2xcaol2hux.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12a4fc44 | out: lpFileInformation=0x12a4fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x173ce740, ftCreationTime.dwHighDateTime=0x1d6fc32, ftLastAccessTime.dwLowDateTime=0x834dcf70, ftLastAccessTime.dwHighDateTime=0x1d70138, ftLastWriteTime.dwLowDateTime=0x834dcf70, ftLastWriteTime.dwHighDateTime=0x1d70138, nFileSizeHigh=0x0, nFileSizeLow=0x88d4)) returned 1 [0097.012] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\xjg2xcaol2hux.mp3")) returned 0x20 [0097.012] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3", dwFileAttributes=0x20) returned 1 [0097.016] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\xjg2xcaol2hux.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0097.016] GetConsoleMode (in: hConsoleHandle=0x2f8, lpMode=0x12a4fe88 | out: lpMode=0x12a4fe88) returned 0 [0097.016] GetFileType (hFile=0x2f8) returned 0x1 [0097.016] GetFileType (hFile=0x2f8) returned 0x1 [0097.016] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.016] ReadFile (in: hFile=0x2f8, lpBuffer=0x12900578, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4fd14, lpOverlapped=0x0 | out: lpBuffer=0x12900578*, lpNumberOfBytesRead=0x12a4fd14*=0x4, lpOverlapped=0x0) returned 1 [0097.016] SystemFunction036 (in: RandomBuffer=0x12c91dd8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91dd8) returned 1 [0097.016] SystemFunction036 (in: RandomBuffer=0x12c91de8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c91de8) returned 1 [0097.016] GetFileType (hFile=0x2f8) returned 0x1 [0097.016] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0097.016] ReadFile (in: hFile=0x2f8, lpBuffer=0x12acc000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4fe80, lpOverlapped=0x0 | out: lpBuffer=0x12acc000*, lpNumberOfBytesRead=0x12a4fe80*=0x4000, lpOverlapped=0x0) returned 1 [0097.017] GetFileType (hFile=0x2f8) returned 0x1 [0097.017] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0097.017] WriteFile (in: hFile=0x2f8, lpBuffer=0x12ad0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4fe78, lpOverlapped=0x0 | out: lpBuffer=0x12ad0000*, lpNumberOfBytesWritten=0x12a4fe78*=0x4000, lpOverlapped=0x0) returned 1 [0097.017] GetFileType (hFile=0x2f8) returned 0x1 [0097.017] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4fe9c | out: lpNewFilePointer=0x0) returned 1 [0097.017] SystemFunction036 (in: RandomBuffer=0x12aa2a01, RandomBufferLength=0x40 | out: RandomBuffer=0x12aa2a01) returned 1 [0097.017] WriteFile (in: hFile=0x2f8, lpBuffer=0x129005d4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4fd88, lpOverlapped=0x0 | out: lpBuffer=0x129005d4*, lpNumberOfBytesWritten=0x12a4fd88*=0x4, lpOverlapped=0x0) returned 1 [0097.018] WriteFile (in: hFile=0x2f8, lpBuffer=0x12aa2b00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4fd88, lpOverlapped=0x0 | out: lpBuffer=0x12aa2b00*, lpNumberOfBytesWritten=0x12a4fd88*=0x100, lpOverlapped=0x0) returned 1 [0097.018] CloseHandle (hObject=0x2f8) returned 1 [0097.019] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\xjg2xcaol2hux.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\xjg2xcaol2hux.mp3.crypted"), dwFlags=0x1) returned 1 [0097.020] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\Xjg2XcAOL2hUX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\xjg2xcaol2hux.mp3")) returned 0xffffffff [0097.020] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.064] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.090] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.102] SetEvent (hEvent=0x1e4) returned 1 [0097.102] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.114] SetEvent (hEvent=0x1e4) returned 1 [0097.114] VirtualFree (lpAddress=0x12c36000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.115] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.126] SetEvent (hEvent=0x1e4) returned 1 [0097.127] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.146] SetEvent (hEvent=0x2cc) returned 1 [0097.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\rfmibnth6svxwcf.wav"), fInfoLevelId=0x0, lpFileInformation=0x12b15c44 | out: lpFileInformation=0x12b15c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfcdb54f0, ftCreationTime.dwHighDateTime=0x1d6fd4d, ftLastAccessTime.dwLowDateTime=0xcf2f2570, ftLastAccessTime.dwHighDateTime=0x1d6ff48, ftLastWriteTime.dwLowDateTime=0xcf2f2570, ftLastWriteTime.dwHighDateTime=0x1d6ff48, nFileSizeHigh=0x0, nFileSizeLow=0x11159)) returned 1 [0097.146] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\rfmibnth6svxwcf.wav")) returned 0x20 [0097.146] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav", dwFileAttributes=0x20) returned 1 [0097.146] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\rfmibnth6svxwcf.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0097.146] GetConsoleMode (in: hConsoleHandle=0x300, lpMode=0x12b15e88 | out: lpMode=0x12b15e88) returned 0 [0097.146] GetFileType (hFile=0x300) returned 0x1 [0097.146] GetFileType (hFile=0x300) returned 0x1 [0097.146] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.146] ReadFile (in: hFile=0x300, lpBuffer=0x1298e004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b15d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e004*, lpNumberOfBytesRead=0x12b15d14*=0x4, lpOverlapped=0x0) returned 1 [0097.147] SystemFunction036 (in: RandomBuffer=0x128cc028, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc028) returned 1 [0097.147] SystemFunction036 (in: RandomBuffer=0x128cc038, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc038) returned 1 [0097.147] GetFileType (hFile=0x300) returned 0x1 [0097.147] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0097.147] ReadFile (in: hFile=0x300, lpBuffer=0x12c4a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b15e80, lpOverlapped=0x0 | out: lpBuffer=0x12c4a000*, lpNumberOfBytesRead=0x12b15e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.147] GetFileType (hFile=0x300) returned 0x1 [0097.147] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0097.147] WriteFile (in: hFile=0x300, lpBuffer=0x12d80000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b15e78, lpOverlapped=0x0 | out: lpBuffer=0x12d80000*, lpNumberOfBytesWritten=0x12b15e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.147] GetFileType (hFile=0x300) returned 0x1 [0097.147] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b15e9c | out: lpNewFilePointer=0x0) returned 1 [0097.148] SystemFunction036 (in: RandomBuffer=0x12d9e301, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9e301) returned 1 [0097.148] WriteFile (in: hFile=0x300, lpBuffer=0x1298e060*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e060*, lpNumberOfBytesWritten=0x12b15d88*=0x4, lpOverlapped=0x0) returned 1 [0097.148] WriteFile (in: hFile=0x300, lpBuffer=0x12d9e400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b15d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9e400*, lpNumberOfBytesWritten=0x12b15d88*=0x100, lpOverlapped=0x0) returned 1 [0097.148] CloseHandle (hObject=0x300) returned 1 [0097.150] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\rfmibnth6svxwcf.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\rfmibnth6svxwcf.wav.crypted"), dwFlags=0x1) returned 1 [0097.153] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\rFMIbNTh6SVXWCF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\rfmibnth6svxwcf.wav")) returned 0xffffffff [0097.153] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\zQmIs_lj7.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\zqmis_lj7.flv")) returned 0xffffffff [0097.153] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lsmenFxq-3ao\\AQIRwU.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lsmenfxq-3ao\\aqirwu.png")) returned 0xffffffff [0097.153] SwitchToThread () returned 1 [0097.166] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\uurz0.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb074490, ftCreationTime.dwHighDateTime=0x1d6fe9b, ftLastAccessTime.dwLowDateTime=0x98515880, ftLastAccessTime.dwHighDateTime=0x1d702d0, ftLastWriteTime.dwLowDateTime=0x98515880, ftLastWriteTime.dwHighDateTime=0x1d702d0, nFileSizeHigh=0x0, nFileSizeLow=0x147d3)) returned 1 [0097.167] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\uurz0.m4a")) returned 0x20 [0097.167] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a", dwFileAttributes=0x20) returned 1 [0097.170] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\uurz0.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.170] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.170] GetFileType (hFile=0x2fc) returned 0x1 [0097.170] GetFileType (hFile=0x2fc) returned 0x1 [0097.170] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.170] ReadFile (in: hFile=0x2fc, lpBuffer=0x1298e068, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e068*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.170] SystemFunction036 (in: RandomBuffer=0x128cc208, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc208) returned 1 [0097.170] SystemFunction036 (in: RandomBuffer=0x128cc218, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc218) returned 1 [0097.170] GetFileType (hFile=0x2fc) returned 0x1 [0097.171] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.171] ReadFile (in: hFile=0x2fc, lpBuffer=0x12b48000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b48000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.171] GetFileType (hFile=0x2fc) returned 0x1 [0097.171] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.171] WriteFile (in: hFile=0x2fc, lpBuffer=0x12b4e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12b4e000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.171] GetFileType (hFile=0x2fc) returned 0x1 [0097.171] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.171] SystemFunction036 (in: RandomBuffer=0x12d9e801, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9e801) returned 1 [0097.172] WriteFile (in: hFile=0x2fc, lpBuffer=0x1298e0c4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e0c4*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.172] WriteFile (in: hFile=0x2fc, lpBuffer=0x12d9e900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9e900*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.172] CloseHandle (hObject=0x2fc) returned 1 [0097.176] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\uurz0.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\uurz0.m4a.crypted"), dwFlags=0x1) returned 1 [0097.176] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\uUrZ0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\uurz0.m4a")) returned 0xffffffff [0097.176] VirtualFree (lpAddress=0x12dfe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.177] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.242] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.258] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.270] SetEvent (hEvent=0x2cc) returned 1 [0097.270] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\a16lf.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12a23c44 | out: lpFileInformation=0x12a23c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10129e10, ftCreationTime.dwHighDateTime=0x1d6ffd9, ftLastAccessTime.dwLowDateTime=0x887b2f10, ftLastAccessTime.dwHighDateTime=0x1d70935, ftLastWriteTime.dwLowDateTime=0x887b2f10, ftLastWriteTime.dwHighDateTime=0x1d70935, nFileSizeHigh=0x0, nFileSizeLow=0x16a76)) returned 1 [0097.270] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\a16lf.mp3")) returned 0x20 [0097.270] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3", dwFileAttributes=0x20) returned 1 [0097.270] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\a16lf.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.270] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a23e88 | out: lpMode=0x12a23e88) returned 0 [0097.270] GetFileType (hFile=0x274) returned 0x1 [0097.271] GetFileType (hFile=0x274) returned 0x1 [0097.271] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.271] ReadFile (in: hFile=0x274, lpBuffer=0x1290011c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a23d14, lpOverlapped=0x0 | out: lpBuffer=0x1290011c*, lpNumberOfBytesRead=0x12a23d14*=0x4, lpOverlapped=0x0) returned 1 [0097.271] SystemFunction036 (in: RandomBuffer=0x12816758, RandomBufferLength=0x10 | out: RandomBuffer=0x12816758) returned 1 [0097.271] SystemFunction036 (in: RandomBuffer=0x12816768, RandomBufferLength=0x10 | out: RandomBuffer=0x12816768) returned 1 [0097.271] GetFileType (hFile=0x274) returned 0x1 [0097.271] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.271] ReadFile (in: hFile=0x274, lpBuffer=0x12a60000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a23e80, lpOverlapped=0x0 | out: lpBuffer=0x12a60000*, lpNumberOfBytesRead=0x12a23e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.271] GetFileType (hFile=0x274) returned 0x1 [0097.271] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.271] WriteFile (in: hFile=0x274, lpBuffer=0x12a64000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a23e78, lpOverlapped=0x0 | out: lpBuffer=0x12a64000*, lpNumberOfBytesWritten=0x12a23e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.272] GetFileType (hFile=0x274) returned 0x1 [0097.272] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.272] SystemFunction036 (in: RandomBuffer=0x12a46301, RandomBufferLength=0x40 | out: RandomBuffer=0x12a46301) returned 1 [0097.272] WriteFile (in: hFile=0x274, lpBuffer=0x12900178*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x12900178*, lpNumberOfBytesWritten=0x12a23d88*=0x4, lpOverlapped=0x0) returned 1 [0097.272] WriteFile (in: hFile=0x274, lpBuffer=0x12a46400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x12a46400*, lpNumberOfBytesWritten=0x12a23d88*=0x100, lpOverlapped=0x0) returned 1 [0097.272] CloseHandle (hObject=0x274) returned 1 [0097.275] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\a16lf.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\a16lf.mp3.crypted"), dwFlags=0x1) returned 1 [0097.276] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\A16LF.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\a16lf.mp3")) returned 0xffffffff [0097.276] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.315] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.348] SetEvent (hEvent=0x1e4) returned 1 [0097.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\th2u4lxniytrw.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12a23c44 | out: lpFileInformation=0x12a23c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcbf480, ftCreationTime.dwHighDateTime=0x1d706fc, ftLastAccessTime.dwLowDateTime=0xfdb3c780, ftLastAccessTime.dwHighDateTime=0x1d7096a, ftLastWriteTime.dwLowDateTime=0xfdb3c780, ftLastWriteTime.dwHighDateTime=0x1d7096a, nFileSizeHigh=0x0, nFileSizeLow=0x14b5e)) returned 1 [0097.348] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\th2u4lxniytrw.m4a")) returned 0x20 [0097.348] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a", dwFileAttributes=0x20) returned 1 [0097.349] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\th2u4lxniytrw.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0097.349] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0x12a23e88 | out: lpMode=0x12a23e88) returned 0 [0097.349] GetFileType (hFile=0x280) returned 0x1 [0097.349] GetFileType (hFile=0x280) returned 0x1 [0097.349] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.349] ReadFile (in: hFile=0x280, lpBuffer=0x12900180, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a23d14, lpOverlapped=0x0 | out: lpBuffer=0x12900180*, lpNumberOfBytesRead=0x12a23d14*=0x4, lpOverlapped=0x0) returned 1 [0097.349] SystemFunction036 (in: RandomBuffer=0x12816a28, RandomBufferLength=0x10 | out: RandomBuffer=0x12816a28) returned 1 [0097.349] SystemFunction036 (in: RandomBuffer=0x12816a38, RandomBufferLength=0x10 | out: RandomBuffer=0x12816a38) returned 1 [0097.349] GetFileType (hFile=0x280) returned 0x1 [0097.349] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.349] ReadFile (in: hFile=0x280, lpBuffer=0x12a72000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a23e80, lpOverlapped=0x0 | out: lpBuffer=0x12a72000*, lpNumberOfBytesRead=0x12a23e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.350] GetFileType (hFile=0x280) returned 0x1 [0097.350] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.350] WriteFile (in: hFile=0x280, lpBuffer=0x12a76000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a23e78, lpOverlapped=0x0 | out: lpBuffer=0x12a76000*, lpNumberOfBytesWritten=0x12a23e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.350] GetFileType (hFile=0x280) returned 0x1 [0097.350] SetFilePointerEx (in: hFile=0x280, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.350] SystemFunction036 (in: RandomBuffer=0x12a46601, RandomBufferLength=0x40 | out: RandomBuffer=0x12a46601) returned 1 [0097.350] WriteFile (in: hFile=0x280, lpBuffer=0x129001dc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x129001dc*, lpNumberOfBytesWritten=0x12a23d88*=0x4, lpOverlapped=0x0) returned 1 [0097.351] WriteFile (in: hFile=0x280, lpBuffer=0x12a46700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x12a46700*, lpNumberOfBytesWritten=0x12a23d88*=0x100, lpOverlapped=0x0) returned 1 [0097.351] CloseHandle (hObject=0x280) returned 1 [0097.353] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\th2u4lxniytrw.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\th2u4lxniytrw.m4a.crypted"), dwFlags=0x1) returned 1 [0097.356] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\tH2U4LxniYTrw.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\th2u4lxniytrw.m4a")) returned 0xffffffff [0097.356] VirtualFree (lpAddress=0x12df8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.357] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.384] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.403] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) returned 0x0 [0097.414] SetEvent (hEvent=0x234) returned 1 [0097.414] SetEvent (hEvent=0x1b0) returned 1 [0097.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\tj5pc8wh5_1hoazf0.m4a"), fInfoLevelId=0x0, lpFileInformation=0x129cfc44 | out: lpFileInformation=0x129cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd712d9f0, ftCreationTime.dwHighDateTime=0x1d7056d, ftLastAccessTime.dwLowDateTime=0x95a5b770, ftLastAccessTime.dwHighDateTime=0x1d708d9, ftLastWriteTime.dwLowDateTime=0x95a5b770, ftLastWriteTime.dwHighDateTime=0x1d708d9, nFileSizeHigh=0x0, nFileSizeLow=0x97ec)) returned 1 [0097.414] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\tj5pc8wh5_1hoazf0.m4a")) returned 0x20 [0097.414] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a", dwFileAttributes=0x20) returned 1 [0097.414] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\tj5pc8wh5_1hoazf0.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a0 [0097.415] GetConsoleMode (in: hConsoleHandle=0x2a0, lpMode=0x129cfe88 | out: lpMode=0x129cfe88) returned 0 [0097.415] GetFileType (hFile=0x2a0) returned 0x1 [0097.415] GetFileType (hFile=0x2a0) returned 0x1 [0097.415] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.415] ReadFile (in: hFile=0x2a0, lpBuffer=0x128102e0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129cfd14, lpOverlapped=0x0 | out: lpBuffer=0x128102e0*, lpNumberOfBytesRead=0x129cfd14*=0x4, lpOverlapped=0x0) returned 1 [0097.415] SystemFunction036 (in: RandomBuffer=0x129a2758, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2758) returned 1 [0097.415] SystemFunction036 (in: RandomBuffer=0x129a2768, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2768) returned 1 [0097.415] GetFileType (hFile=0x2a0) returned 0x1 [0097.415] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.415] ReadFile (in: hFile=0x2a0, lpBuffer=0x128b6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129cfe80, lpOverlapped=0x0 | out: lpBuffer=0x128b6000*, lpNumberOfBytesRead=0x129cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0097.415] GetFileType (hFile=0x2a0) returned 0x1 [0097.415] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.415] WriteFile (in: hFile=0x2a0, lpBuffer=0x128c8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x129cfe78, lpOverlapped=0x0 | out: lpBuffer=0x128c8000*, lpNumberOfBytesWritten=0x129cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0097.416] GetFileType (hFile=0x2a0) returned 0x1 [0097.416] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129cfe9c | out: lpNewFilePointer=0x0) returned 1 [0097.416] SystemFunction036 (in: RandomBuffer=0x1295f401, RandomBufferLength=0x40 | out: RandomBuffer=0x1295f401) returned 1 [0097.416] WriteFile (in: hFile=0x2a0, lpBuffer=0x1281033c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1281033c*, lpNumberOfBytesWritten=0x129cfd88*=0x4, lpOverlapped=0x0) returned 1 [0097.416] WriteFile (in: hFile=0x2a0, lpBuffer=0x1295f500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1295f500*, lpNumberOfBytesWritten=0x129cfd88*=0x100, lpOverlapped=0x0) returned 1 [0097.416] CloseHandle (hObject=0x2a0) returned 1 [0097.418] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\tj5pc8wh5_1hoazf0.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\tj5pc8wh5_1hoazf0.m4a.crypted"), dwFlags=0x1) returned 1 [0097.419] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\Tj5pc8WH5_1HOaZF0.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\tj5pc8wh5_1hoazf0.m4a")) returned 0xffffffff [0097.419] VirtualFree (lpAddress=0x12df6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.419] WaitForSingleObject (hHandle=0x218, dwMilliseconds=0xffffffff) Thread: id = 26 os_tid = 0xaa4 [0094.183] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x33daff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33daff28*=0x22c) returned 1 [0094.183] VirtualQuery (in: lpAddress=0x33daff38, lpBuffer=0x33daff38, dwLength=0x1c | out: lpBuffer=0x33daff38*(BaseAddress=0x33daf000, AllocationBase=0x33cb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.183] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x33dafa2c, ulCount=0x10, ulNumEntriesRemoved=0x33dafa14, dwMilliseconds=0x3da, fAlertable=0 | out: lpCompletionPortEntries=0x33dafa2c, ulNumEntriesRemoved=0x33dafa14) returned 0 [0095.176] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e0 [0095.176] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4 [0095.176] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0xffffffff) Thread: id = 27 os_tid = 0xc90 [0094.185] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x33eeff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33eeff28*=0x230) returned 1 [0094.185] VirtualQuery (in: lpAddress=0x33eeff38, lpBuffer=0x33eeff38, dwLength=0x1c | out: lpBuffer=0x33eeff38*(BaseAddress=0x33eef000, AllocationBase=0x33df0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.185] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x234 [0094.185] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x238 [0094.186] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0094.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\cvq7.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12863c44 | out: lpFileInformation=0x12863c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7073b130, ftCreationTime.dwHighDateTime=0x1d70813, ftLastAccessTime.dwLowDateTime=0x354ec820, ftLastAccessTime.dwHighDateTime=0x1d7088f, ftLastWriteTime.dwLowDateTime=0x354ec820, ftLastWriteTime.dwHighDateTime=0x1d7088f, nFileSizeHigh=0x0, nFileSizeLow=0x171b4)) returned 1 [0094.307] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\cvq7.mp4")) returned 0x20 [0094.307] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4", dwFileAttributes=0x20) returned 1 [0094.308] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\cvq7.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x244 [0094.308] GetConsoleMode (in: hConsoleHandle=0x244, lpMode=0x12863e88 | out: lpMode=0x12863e88) returned 0 [0094.308] GetFileType (hFile=0x244) returned 0x1 [0094.308] GetFileType (hFile=0x244) returned 0x1 [0094.308] SetFilePointerEx (in: hFile=0x244, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.308] ReadFile (in: hFile=0x244, lpBuffer=0x12900774, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12863d14, lpOverlapped=0x0 | out: lpBuffer=0x12900774*, lpNumberOfBytesRead=0x12863d14*=0x4, lpOverlapped=0x0) returned 1 [0094.308] SystemFunction036 (in: RandomBuffer=0x12931388, RandomBufferLength=0x10 | out: RandomBuffer=0x12931388) returned 1 [0094.308] SystemFunction036 (in: RandomBuffer=0x12931398, RandomBufferLength=0x10 | out: RandomBuffer=0x12931398) returned 1 [0094.308] VirtualAlloc (lpAddress=0x12ab8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ab8000 [0094.309] GetFileType (hFile=0x244) returned 0x1 [0094.309] SetFilePointerEx (in: hFile=0x244, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0094.309] ReadFile (in: hFile=0x244, lpBuffer=0x12ab8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12863e80, lpOverlapped=0x0 | out: lpBuffer=0x12ab8000*, lpNumberOfBytesRead=0x12863e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.309] VirtualAlloc (lpAddress=0x12abc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12abc000 [0094.315] GetFileType (hFile=0x244) returned 0x1 [0094.315] SetFilePointerEx (in: hFile=0x244, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0094.315] WriteFile (in: hFile=0x244, lpBuffer=0x12abc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12863e78, lpOverlapped=0x0 | out: lpBuffer=0x12abc000*, lpNumberOfBytesWritten=0x12863e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.315] GetFileType (hFile=0x244) returned 0x1 [0094.315] SetFilePointerEx (in: hFile=0x244, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0094.315] SystemFunction036 (in: RandomBuffer=0x12951701, RandomBufferLength=0x40 | out: RandomBuffer=0x12951701) returned 1 [0094.315] VirtualAlloc (lpAddress=0x12ac0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ac0000 [0094.316] WriteFile (in: hFile=0x244, lpBuffer=0x129007d0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12863d88, lpOverlapped=0x0 | out: lpBuffer=0x129007d0*, lpNumberOfBytesWritten=0x12863d88*=0x4, lpOverlapped=0x0) returned 1 [0094.316] WriteFile (in: hFile=0x244, lpBuffer=0x12951800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12863d88, lpOverlapped=0x0 | out: lpBuffer=0x12951800*, lpNumberOfBytesWritten=0x12863d88*=0x100, lpOverlapped=0x0) returned 1 [0094.316] CloseHandle (hObject=0x244) returned 1 [0094.434] SetEvent (hEvent=0x13c) returned 1 [0094.434] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\cvq7.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\cvq7.mp4.crypted"), dwFlags=0x1) returned 1 [0097.341] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CVQ7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\cvq7.mp4")) returned 0xffffffff [0097.395] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\pgkxyb cz.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12863c44 | out: lpFileInformation=0x12863c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c44d580, ftCreationTime.dwHighDateTime=0x1d706a9, ftLastAccessTime.dwLowDateTime=0x41c7ac40, ftLastAccessTime.dwHighDateTime=0x1d7074d, ftLastWriteTime.dwLowDateTime=0x41c7ac40, ftLastWriteTime.dwHighDateTime=0x1d7074d, nFileSizeHigh=0x0, nFileSizeLow=0xf00f)) returned 1 [0097.395] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\pgkxyb cz.mp3")) returned 0x20 [0097.395] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3", dwFileAttributes=0x20) returned 1 [0097.395] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\pgkxyb cz.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0097.395] GetConsoleMode (in: hConsoleHandle=0x278, lpMode=0x12863e88 | out: lpMode=0x12863e88) returned 0 [0097.395] GetFileType (hFile=0x278) returned 0x1 [0097.395] GetFileType (hFile=0x278) returned 0x1 [0097.395] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.395] ReadFile (in: hFile=0x278, lpBuffer=0x129001e4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12863d14, lpOverlapped=0x0 | out: lpBuffer=0x129001e4*, lpNumberOfBytesRead=0x12863d14*=0x4, lpOverlapped=0x0) returned 1 [0097.396] SystemFunction036 (in: RandomBuffer=0x12816ca8, RandomBufferLength=0x10 | out: RandomBuffer=0x12816ca8) returned 1 [0097.396] SystemFunction036 (in: RandomBuffer=0x12816cb8, RandomBufferLength=0x10 | out: RandomBuffer=0x12816cb8) returned 1 [0097.396] GetFileType (hFile=0x278) returned 0x1 [0097.396] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0097.396] ReadFile (in: hFile=0x278, lpBuffer=0x12852000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12863e80, lpOverlapped=0x0 | out: lpBuffer=0x12852000*, lpNumberOfBytesRead=0x12863e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.396] GetFileType (hFile=0x278) returned 0x1 [0097.396] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0097.396] WriteFile (in: hFile=0x278, lpBuffer=0x12856000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12863e78, lpOverlapped=0x0 | out: lpBuffer=0x12856000*, lpNumberOfBytesWritten=0x12863e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.396] GetFileType (hFile=0x278) returned 0x1 [0097.396] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0097.396] ReadFile (in: hFile=0x278, lpBuffer=0x12852000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12863e80, lpOverlapped=0x0 | out: lpBuffer=0x12852000*, lpNumberOfBytesRead=0x12863e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.397] GetFileType (hFile=0x278) returned 0x1 [0097.397] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0097.397] WriteFile (in: hFile=0x278, lpBuffer=0x1286e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12863e78, lpOverlapped=0x0 | out: lpBuffer=0x1286e000*, lpNumberOfBytesWritten=0x12863e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.397] GetFileType (hFile=0x278) returned 0x1 [0097.397] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12863e9c | out: lpNewFilePointer=0x0) returned 1 [0097.397] SystemFunction036 (in: RandomBuffer=0x12a46901, RandomBufferLength=0x40 | out: RandomBuffer=0x12a46901) returned 1 [0097.397] WriteFile (in: hFile=0x278, lpBuffer=0x12900240*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12863d88, lpOverlapped=0x0 | out: lpBuffer=0x12900240*, lpNumberOfBytesWritten=0x12863d88*=0x4, lpOverlapped=0x0) returned 1 [0097.398] WriteFile (in: hFile=0x278, lpBuffer=0x12a46a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12863d88, lpOverlapped=0x0 | out: lpBuffer=0x12a46a00*, lpNumberOfBytesWritten=0x12863d88*=0x100, lpOverlapped=0x0) returned 1 [0097.398] CloseHandle (hObject=0x278) returned 1 [0097.400] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\pgkxyb cz.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\pgkxyb cz.mp3.crypted"), dwFlags=0x1) returned 1 [0097.400] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\PGkxYB cz.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\pgkxyb cz.mp3")) returned 0xffffffff [0097.400] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0097.437] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0097.501] SetEvent (hEvent=0x144) returned 1 [0097.501] SetEvent (hEvent=0x2a4) returned 1 [0097.501] VirtualFree (lpAddress=0x12df4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.501] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) Thread: id = 28 os_tid = 0x1060 [0094.333] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3402ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3402ff28*=0x244) returned 1 [0094.333] VirtualQuery (in: lpAddress=0x3402ff38, lpBuffer=0x3402ff38, dwLength=0x1c | out: lpBuffer=0x3402ff38*(BaseAddress=0x3402f000, AllocationBase=0x33f30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.333] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282f200, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x248 [0094.333] CloseHandle (hObject=0x248) returned 1 [0094.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\ctcb.avi"), fInfoLevelId=0x0, lpFileInformation=0x12b0fc44 | out: lpFileInformation=0x12b0fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4695b3f0, ftCreationTime.dwHighDateTime=0x1d7062d, ftLastAccessTime.dwLowDateTime=0xcc1acec0, ftLastAccessTime.dwHighDateTime=0x1d709f7, ftLastWriteTime.dwLowDateTime=0xcc1acec0, ftLastWriteTime.dwHighDateTime=0x1d709f7, nFileSizeHigh=0x0, nFileSizeLow=0x5a24)) returned 1 [0094.334] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\ctcb.avi")) returned 0x20 [0094.334] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi", dwFileAttributes=0x20) returned 1 [0094.335] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\ctcb.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x248 [0094.335] GetConsoleMode (in: hConsoleHandle=0x248, lpMode=0x12b0fe88 | out: lpMode=0x12b0fe88) returned 0 [0094.335] GetFileType (hFile=0x248) returned 0x1 [0094.335] GetFileType (hFile=0x248) returned 0x1 [0094.335] SetFilePointerEx (in: hFile=0x248, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b0fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.335] ReadFile (in: hFile=0x248, lpBuffer=0x12810474, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b0fd14, lpOverlapped=0x0 | out: lpBuffer=0x12810474*, lpNumberOfBytesRead=0x12b0fd14*=0x4, lpOverlapped=0x0) returned 1 [0094.335] SystemFunction036 (in: RandomBuffer=0x12816988, RandomBufferLength=0x10 | out: RandomBuffer=0x12816988) returned 1 [0094.335] SystemFunction036 (in: RandomBuffer=0x12816998, RandomBufferLength=0x10 | out: RandomBuffer=0x12816998) returned 1 [0094.335] VirtualAlloc (lpAddress=0x12a38000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a38000 [0094.336] GetFileType (hFile=0x248) returned 0x1 [0094.336] SetFilePointerEx (in: hFile=0x248, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b0fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.336] ReadFile (in: hFile=0x248, lpBuffer=0x12a38000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b0fe80, lpOverlapped=0x0 | out: lpBuffer=0x12a38000*, lpNumberOfBytesRead=0x12b0fe80*=0x4000, lpOverlapped=0x0) returned 1 [0094.336] VirtualAlloc (lpAddress=0x12a3c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a3c000 [0094.336] GetFileType (hFile=0x248) returned 0x1 [0094.336] SetFilePointerEx (in: hFile=0x248, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b0fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.336] WriteFile (in: hFile=0x248, lpBuffer=0x12a3c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b0fe78, lpOverlapped=0x0 | out: lpBuffer=0x12a3c000*, lpNumberOfBytesWritten=0x12b0fe78*=0x4000, lpOverlapped=0x0) returned 1 [0094.337] GetFileType (hFile=0x248) returned 0x1 [0094.337] SetFilePointerEx (in: hFile=0x248, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b0fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.337] SystemFunction036 (in: RandomBuffer=0x1287ed01, RandomBufferLength=0x40 | out: RandomBuffer=0x1287ed01) returned 1 [0094.337] VirtualAlloc (lpAddress=0x12a40000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a40000 [0094.338] WriteFile (in: hFile=0x248, lpBuffer=0x128104d0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b0fd88, lpOverlapped=0x0 | out: lpBuffer=0x128104d0*, lpNumberOfBytesWritten=0x12b0fd88*=0x4, lpOverlapped=0x0) returned 1 [0094.338] WriteFile (in: hFile=0x248, lpBuffer=0x1287ee00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b0fd88, lpOverlapped=0x0 | out: lpBuffer=0x1287ee00*, lpNumberOfBytesWritten=0x12b0fd88*=0x100, lpOverlapped=0x0) returned 1 [0094.338] CloseHandle (hObject=0x248) returned 1 [0094.435] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\ctcb.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\ctcb.avi.crypted"), dwFlags=0x1) returned 1 [0097.435] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\CtCB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\ctcb.avi")) returned 0xffffffff [0097.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents"), fInfoLevelId=0x0, lpFileInformation=0x12b0fc44 | out: lpFileInformation=0x12b0fc44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.468] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x2a4 [0097.469] GetFileInformationByHandle (in: hFile=0x2a4, lpFileInformation=0x12b0fbd0 | out: lpFileInformation=0x12b0fbd0) returned 1 [0097.469] GetFileInformationByHandleEx (in: hFile=0x2a4, FileInformationClass=0x9, lpFileInformation=0x12b0fbc8, dwBufferSize=0x8 | out: lpFileInformation=0x12b0fbc8) returned 1 [0097.469] CloseHandle (hObject=0x2a4) returned 1 [0097.469] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents")) returned 0x2416 [0097.469] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents", dwFileAttributes=0x2416) returned 1 [0097.469] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0097.469] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents\\*", lpFindFileData=0x12b0fb9c | out: lpFindFileData=0x12b0fb9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0097.469] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents")) returned 0x2416 [0097.469] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents", dwFileAttributes=0x2417) returned 1 [0097.470] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a4 [0097.470] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x27c [0097.470] WaitForSingleObject (hHandle=0x2a4, dwMilliseconds=0xffffffff) returned 0x0 [0097.522] WaitForSingleObject (hHandle=0x2a4, dwMilliseconds=0xffffffff) returned 0x0 [0097.540] WaitForSingleObject (hHandle=0x2a4, dwMilliseconds=0xffffffff) returned 0x0 [0097.550] SetEvent (hEvent=0x26c) returned 1 [0097.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2v5csg2h.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd93a2140, ftCreationTime.dwHighDateTime=0x1d6ff8f, ftLastAccessTime.dwLowDateTime=0x8d246110, ftLastAccessTime.dwHighDateTime=0x1d7069e, ftLastWriteTime.dwLowDateTime=0x8d246110, ftLastWriteTime.dwHighDateTime=0x1d7069e, nFileSizeHigh=0x0, nFileSizeLow=0x158b6)) returned 1 [0097.550] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2v5csg2h.jpg")) returned 0x20 [0097.550] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg", dwFileAttributes=0x20) returned 1 [0097.550] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2v5csg2h.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0097.550] GetConsoleMode (in: hConsoleHandle=0x288, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.550] GetFileType (hFile=0x288) returned 0x1 [0097.550] GetFileType (hFile=0x288) returned 0x1 [0097.550] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.550] ReadFile (in: hFile=0x288, lpBuffer=0x1298e25c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e25c*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.551] SystemFunction036 (in: RandomBuffer=0x128ccac8, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccac8) returned 1 [0097.554] SystemFunction036 (in: RandomBuffer=0x128ccad8, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccad8) returned 1 [0097.554] GetFileType (hFile=0x288) returned 0x1 [0097.554] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.554] ReadFile (in: hFile=0x288, lpBuffer=0x1290a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x1290a000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.554] GetFileType (hFile=0x288) returned 0x1 [0097.554] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.554] WriteFile (in: hFile=0x288, lpBuffer=0x12924000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12924000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.554] GetFileType (hFile=0x288) returned 0x1 [0097.555] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.555] SystemFunction036 (in: RandomBuffer=0x12d9f801, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9f801) returned 1 [0097.555] WriteFile (in: hFile=0x288, lpBuffer=0x1298e2b8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e2b8*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.555] WriteFile (in: hFile=0x288, lpBuffer=0x12d9f900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9f900*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.555] CloseHandle (hObject=0x288) returned 1 [0097.558] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2v5csg2h.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2v5csg2h.jpg.crypted"), dwFlags=0x1) returned 1 [0097.558] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2V5CsG2h.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2v5csg2h.jpg")) returned 0xffffffff [0097.558] SetEvent (hEvent=0x260) returned 1 [0097.559] VirtualFree (lpAddress=0x12df2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.559] WaitForSingleObject (hHandle=0x2a4, dwMilliseconds=0xffffffff) returned 0x0 [0100.458] WaitForSingleObject (hHandle=0x2a4, dwMilliseconds=0xffffffff) Thread: id = 29 os_tid = 0x10d0 [0094.354] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3416ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3416ff28*=0x248) returned 1 [0094.354] VirtualQuery (in: lpAddress=0x3416ff38, lpBuffer=0x3416ff38, dwLength=0x1c | out: lpBuffer=0x3416ff38*(BaseAddress=0x3416f000, AllocationBase=0x34070000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.354] SetEvent (hEvent=0xfc) returned 1 [0094.354] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x24c [0094.354] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x250 [0094.354] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0094.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\o7nh.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12b2bc44 | out: lpFileInformation=0x12b2bc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4050f680, ftCreationTime.dwHighDateTime=0x1d70768, ftLastAccessTime.dwLowDateTime=0x6ae10e60, ftLastAccessTime.dwHighDateTime=0x1d707dd, ftLastWriteTime.dwLowDateTime=0x6ae10e60, ftLastWriteTime.dwHighDateTime=0x1d707dd, nFileSizeHigh=0x0, nFileSizeLow=0x5923)) returned 1 [0094.396] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\o7nh.jpg")) returned 0x20 [0094.396] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg", dwFileAttributes=0x20) returned 1 [0094.396] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\o7nh.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0094.396] GetConsoleMode (in: hConsoleHandle=0x258, lpMode=0x12b2be88 | out: lpMode=0x12b2be88) returned 0 [0094.396] GetFileType (hFile=0x258) returned 0x1 [0094.396] GetFileType (hFile=0x258) returned 0x1 [0094.396] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.397] ReadFile (in: hFile=0x258, lpBuffer=0x1298e2c4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b2bd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e2c4*, lpNumberOfBytesRead=0x12b2bd14*=0x4, lpOverlapped=0x0) returned 1 [0094.397] SystemFunction036 (in: RandomBuffer=0x129a27a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a27a8) returned 1 [0094.397] SystemFunction036 (in: RandomBuffer=0x129a27b8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a27b8) returned 1 [0094.397] VirtualAlloc (lpAddress=0x129e2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129e2000 [0094.397] GetFileType (hFile=0x258) returned 0x1 [0094.397] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0x0) returned 1 [0094.397] ReadFile (in: hFile=0x258, lpBuffer=0x129e2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b2be80, lpOverlapped=0x0 | out: lpBuffer=0x129e2000*, lpNumberOfBytesRead=0x12b2be80*=0x4000, lpOverlapped=0x0) returned 1 [0094.397] VirtualAlloc (lpAddress=0x129e6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129e6000 [0094.398] GetFileType (hFile=0x258) returned 0x1 [0094.398] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0x0) returned 1 [0094.398] WriteFile (in: hFile=0x258, lpBuffer=0x129e6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b2be78, lpOverlapped=0x0 | out: lpBuffer=0x129e6000*, lpNumberOfBytesWritten=0x12b2be78*=0x4000, lpOverlapped=0x0) returned 1 [0094.398] GetFileType (hFile=0x258) returned 0x1 [0094.398] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0x0) returned 1 [0094.398] SystemFunction036 (in: RandomBuffer=0x129b8b01, RandomBufferLength=0x40 | out: RandomBuffer=0x129b8b01) returned 1 [0094.398] VirtualAlloc (lpAddress=0x129ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129ea000 [0094.399] WriteFile (in: hFile=0x258, lpBuffer=0x1298e320*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b2bd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e320*, lpNumberOfBytesWritten=0x12b2bd88*=0x4, lpOverlapped=0x0) returned 1 [0094.399] WriteFile (in: hFile=0x258, lpBuffer=0x129b8c00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b2bd88, lpOverlapped=0x0 | out: lpBuffer=0x129b8c00*, lpNumberOfBytesWritten=0x12b2bd88*=0x100, lpOverlapped=0x0) returned 1 [0094.399] CloseHandle (hObject=0x258) returned 1 [0094.435] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\o7nh.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\o7nh.jpg.crypted"), dwFlags=0x1) returned 1 [0097.468] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\O7NH.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\o7nh.jpg")) returned 0xffffffff [0097.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\07tca.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12b2bc44 | out: lpFileInformation=0x12b2bc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe54124c0, ftCreationTime.dwHighDateTime=0x1d703b3, ftLastAccessTime.dwLowDateTime=0x64756700, ftLastAccessTime.dwHighDateTime=0x1d70923, ftLastWriteTime.dwLowDateTime=0x64756700, ftLastWriteTime.dwHighDateTime=0x1d70923, nFileSizeHigh=0x0, nFileSizeLow=0x8047)) returned 1 [0097.530] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\07tca.bmp")) returned 0x20 [0097.530] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp", dwFileAttributes=0x20) returned 1 [0097.530] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\07tca.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2a8 [0097.531] GetConsoleMode (in: hConsoleHandle=0x2a8, lpMode=0x12b2be88 | out: lpMode=0x12b2be88) returned 0 [0097.531] GetFileType (hFile=0x2a8) returned 0x1 [0097.531] GetFileType (hFile=0x2a8) returned 0x1 [0097.531] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.531] ReadFile (in: hFile=0x2a8, lpBuffer=0x1288a154, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b2bd14, lpOverlapped=0x0 | out: lpBuffer=0x1288a154*, lpNumberOfBytesRead=0x12b2bd14*=0x4, lpOverlapped=0x0) returned 1 [0097.531] SystemFunction036 (in: RandomBuffer=0x12930528, RandomBufferLength=0x10 | out: RandomBuffer=0x12930528) returned 1 [0097.531] SystemFunction036 (in: RandomBuffer=0x12930538, RandomBufferLength=0x10 | out: RandomBuffer=0x12930538) returned 1 [0097.531] GetFileType (hFile=0x2a8) returned 0x1 [0097.531] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0x0) returned 1 [0097.531] ReadFile (in: hFile=0x2a8, lpBuffer=0x12be8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b2be80, lpOverlapped=0x0 | out: lpBuffer=0x12be8000*, lpNumberOfBytesRead=0x12b2be80*=0x4000, lpOverlapped=0x0) returned 1 [0097.531] GetFileType (hFile=0x2a8) returned 0x1 [0097.531] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0x0) returned 1 [0097.531] WriteFile (in: hFile=0x2a8, lpBuffer=0x12bec000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b2be78, lpOverlapped=0x0 | out: lpBuffer=0x12bec000*, lpNumberOfBytesWritten=0x12b2be78*=0x4000, lpOverlapped=0x0) returned 1 [0097.532] GetFileType (hFile=0x2a8) returned 0x1 [0097.532] SetFilePointerEx (in: hFile=0x2a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2be9c | out: lpNewFilePointer=0x0) returned 1 [0097.532] SystemFunction036 (in: RandomBuffer=0x12bc6501, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc6501) returned 1 [0097.532] WriteFile (in: hFile=0x2a8, lpBuffer=0x1288a1b0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b2bd88, lpOverlapped=0x0 | out: lpBuffer=0x1288a1b0*, lpNumberOfBytesWritten=0x12b2bd88*=0x4, lpOverlapped=0x0) returned 1 [0097.532] WriteFile (in: hFile=0x2a8, lpBuffer=0x12bc6600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b2bd88, lpOverlapped=0x0 | out: lpBuffer=0x12bc6600*, lpNumberOfBytesWritten=0x12b2bd88*=0x100, lpOverlapped=0x0) returned 1 [0097.532] CloseHandle (hObject=0x2a8) returned 1 [0097.534] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\07tca.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\07tca.bmp.crypted"), dwFlags=0x1) returned 1 [0097.535] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\07tca.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\07tca.bmp")) returned 0xffffffff [0097.535] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) Thread: id = 30 os_tid = 0x10c4 [0094.387] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x342aff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x342aff28*=0x160) returned 1 [0094.387] VirtualQuery (in: lpAddress=0x342aff38, lpBuffer=0x342aff38, dwLength=0x1c | out: lpBuffer=0x342aff38*(BaseAddress=0x342af000, AllocationBase=0x341b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.387] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1296ed80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x258 [0094.387] CloseHandle (hObject=0x258) returned 1 [0094.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\lydvgbj4ifd.png"), fInfoLevelId=0x0, lpFileInformation=0x12a21c44 | out: lpFileInformation=0x12a21c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98140b40, ftCreationTime.dwHighDateTime=0x1d7065b, ftLastAccessTime.dwLowDateTime=0x2af345a0, ftLastAccessTime.dwHighDateTime=0x1d708e8, ftLastWriteTime.dwLowDateTime=0x2af345a0, ftLastWriteTime.dwHighDateTime=0x1d708e8, nFileSizeHigh=0x0, nFileSizeLow=0x722f)) returned 1 [0094.387] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\lydvgbj4ifd.png")) returned 0x20 [0094.387] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png", dwFileAttributes=0x20) returned 1 [0094.388] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\lydvgbj4ifd.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0094.388] GetConsoleMode (in: hConsoleHandle=0x258, lpMode=0x12a21e88 | out: lpMode=0x12a21e88) returned 0 [0094.388] GetFileType (hFile=0x258) returned 0x1 [0094.388] GetFileType (hFile=0x258) returned 0x1 [0094.388] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a21e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.388] ReadFile (in: hFile=0x258, lpBuffer=0x129007d8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a21d14, lpOverlapped=0x0 | out: lpBuffer=0x129007d8*, lpNumberOfBytesRead=0x12a21d14*=0x4, lpOverlapped=0x0) returned 1 [0094.388] SystemFunction036 (in: RandomBuffer=0x129314c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129314c8) returned 1 [0094.388] SystemFunction036 (in: RandomBuffer=0x129314d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129314d8) returned 1 [0094.388] VirtualAlloc (lpAddress=0x12ac2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ac2000 [0094.389] GetFileType (hFile=0x258) returned 0x1 [0094.389] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a21e9c | out: lpNewFilePointer=0x0) returned 1 [0094.389] ReadFile (in: hFile=0x258, lpBuffer=0x12ac2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a21e80, lpOverlapped=0x0 | out: lpBuffer=0x12ac2000*, lpNumberOfBytesRead=0x12a21e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.389] VirtualAlloc (lpAddress=0x12ac6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ac6000 [0094.392] GetFileType (hFile=0x258) returned 0x1 [0094.392] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a21e9c | out: lpNewFilePointer=0x0) returned 1 [0094.392] WriteFile (in: hFile=0x258, lpBuffer=0x12ac6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a21e78, lpOverlapped=0x0 | out: lpBuffer=0x12ac6000*, lpNumberOfBytesWritten=0x12a21e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.393] GetFileType (hFile=0x258) returned 0x1 [0094.393] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a21e9c | out: lpNewFilePointer=0x0) returned 1 [0094.393] SystemFunction036 (in: RandomBuffer=0x12951a01, RandomBufferLength=0x40 | out: RandomBuffer=0x12951a01) returned 1 [0094.393] VirtualAlloc (lpAddress=0x12aca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12aca000 [0094.393] WriteFile (in: hFile=0x258, lpBuffer=0x12900834*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a21d88, lpOverlapped=0x0 | out: lpBuffer=0x12900834*, lpNumberOfBytesWritten=0x12a21d88*=0x4, lpOverlapped=0x0) returned 1 [0094.394] WriteFile (in: hFile=0x258, lpBuffer=0x12951b00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a21d88, lpOverlapped=0x0 | out: lpBuffer=0x12951b00*, lpNumberOfBytesWritten=0x12a21d88*=0x100, lpOverlapped=0x0) returned 1 [0094.395] CloseHandle (hObject=0x258) returned 1 [0094.435] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\lydvgbj4ifd.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\lydvgbj4ifd.png.crypted"), dwFlags=0x1) returned 1 [0097.394] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\LYDVGBJ4IFd.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\lydvgbj4ifd.png")) returned 0xffffffff [0097.435] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a0 [0097.435] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x284 [0097.435] WaitForSingleObject (hHandle=0x2a0, dwMilliseconds=0xffffffff) Thread: id = 31 os_tid = 0x13a8 [0094.366] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x343eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x343eff28*=0x254) returned 1 [0094.366] VirtualQuery (in: lpAddress=0x343eff38, lpBuffer=0x343eff38, dwLength=0x1c | out: lpBuffer=0x343eff38*(BaseAddress=0x343ef000, AllocationBase=0x342f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.366] VirtualAlloc (lpAddress=0x12b2a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b2a000 [0094.366] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\emxh.ppt"), fInfoLevelId=0x0, lpFileInformation=0x12b2fc44 | out: lpFileInformation=0x12b2fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc37ff0, ftCreationTime.dwHighDateTime=0x1d709ae, ftLastAccessTime.dwLowDateTime=0xeecc5770, ftLastAccessTime.dwHighDateTime=0x1d709c7, ftLastWriteTime.dwLowDateTime=0xeecc5770, ftLastWriteTime.dwHighDateTime=0x1d709c7, nFileSizeHigh=0x0, nFileSizeLow=0xc328)) returned 1 [0094.366] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\emxh.ppt")) returned 0x20 [0094.366] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt", dwFileAttributes=0x20) returned 1 [0094.367] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\emxh.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x258 [0094.367] GetConsoleMode (in: hConsoleHandle=0x258, lpMode=0x12b2fe88 | out: lpMode=0x12b2fe88) returned 0 [0094.367] GetFileType (hFile=0x258) returned 0x1 [0094.367] GetFileType (hFile=0x258) returned 0x1 [0094.367] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.367] ReadFile (in: hFile=0x258, lpBuffer=0x1288b434, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b2fd14, lpOverlapped=0x0 | out: lpBuffer=0x1288b434*, lpNumberOfBytesRead=0x12b2fd14*=0x4, lpOverlapped=0x0) returned 1 [0094.367] SystemFunction036 (in: RandomBuffer=0x128cd0b8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd0b8) returned 1 [0094.367] SystemFunction036 (in: RandomBuffer=0x128cd0c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd0c8) returned 1 [0094.368] VirtualAlloc (lpAddress=0x12b32000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b32000 [0094.368] GetFileType (hFile=0x258) returned 0x1 [0094.368] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.368] ReadFile (in: hFile=0x258, lpBuffer=0x12b32000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b2fe80, lpOverlapped=0x0 | out: lpBuffer=0x12b32000*, lpNumberOfBytesRead=0x12b2fe80*=0x4000, lpOverlapped=0x0) returned 1 [0094.368] VirtualAlloc (lpAddress=0x12b36000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b36000 [0094.369] GetFileType (hFile=0x258) returned 0x1 [0094.369] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.369] WriteFile (in: hFile=0x258, lpBuffer=0x12b36000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b2fe78, lpOverlapped=0x0 | out: lpBuffer=0x12b36000*, lpNumberOfBytesWritten=0x12b2fe78*=0x4000, lpOverlapped=0x0) returned 1 [0094.369] GetFileType (hFile=0x258) returned 0x1 [0094.369] SetFilePointerEx (in: hFile=0x258, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.369] SystemFunction036 (in: RandomBuffer=0x128df901, RandomBufferLength=0x40 | out: RandomBuffer=0x128df901) returned 1 [0094.370] WriteFile (in: hFile=0x258, lpBuffer=0x1288b490*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b2fd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b490*, lpNumberOfBytesWritten=0x12b2fd88*=0x4, lpOverlapped=0x0) returned 1 [0094.370] WriteFile (in: hFile=0x258, lpBuffer=0x128dfa00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b2fd88, lpOverlapped=0x0 | out: lpBuffer=0x128dfa00*, lpNumberOfBytesWritten=0x12b2fd88*=0x100, lpOverlapped=0x0) returned 1 [0094.370] CloseHandle (hObject=0x258) returned 1 [0094.435] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\emxh.ppt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\emxh.ppt.crypted"), dwFlags=0x1) returned 1 [0097.530] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\EmxH.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\emxh.ppt")) returned 0xffffffff [0097.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2bkcqml.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12b2fc44 | out: lpFileInformation=0x12b2fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb940aff0, ftCreationTime.dwHighDateTime=0x1d6fa6a, ftLastAccessTime.dwLowDateTime=0xad740680, ftLastAccessTime.dwHighDateTime=0x1d701f0, ftLastWriteTime.dwLowDateTime=0xad740680, ftLastWriteTime.dwHighDateTime=0x1d701f0, nFileSizeHigh=0x0, nFileSizeLow=0x13099)) returned 1 [0097.570] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2bkcqml.jpg")) returned 0x20 [0097.570] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg", dwFileAttributes=0x20) returned 1 [0097.571] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2bkcqml.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0097.571] GetConsoleMode (in: hConsoleHandle=0x288, lpMode=0x12b2fe88 | out: lpMode=0x12b2fe88) returned 0 [0097.571] GetFileType (hFile=0x288) returned 0x1 [0097.571] GetFileType (hFile=0x288) returned 0x1 [0097.571] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.571] ReadFile (in: hFile=0x288, lpBuffer=0x12900374, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b2fd14, lpOverlapped=0x0 | out: lpBuffer=0x12900374*, lpNumberOfBytesRead=0x12b2fd14*=0x4, lpOverlapped=0x0) returned 1 [0097.571] SystemFunction036 (in: RandomBuffer=0x12817108, RandomBufferLength=0x10 | out: RandomBuffer=0x12817108) returned 1 [0097.571] SystemFunction036 (in: RandomBuffer=0x12817118, RandomBufferLength=0x10 | out: RandomBuffer=0x12817118) returned 1 [0097.571] GetFileType (hFile=0x288) returned 0x1 [0097.571] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0x0) returned 1 [0097.571] ReadFile (in: hFile=0x288, lpBuffer=0x12876000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b2fe80, lpOverlapped=0x0 | out: lpBuffer=0x12876000*, lpNumberOfBytesRead=0x12b2fe80*=0x4000, lpOverlapped=0x0) returned 1 [0097.572] GetFileType (hFile=0x288) returned 0x1 [0097.572] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0x0) returned 1 [0097.572] WriteFile (in: hFile=0x288, lpBuffer=0x1287a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b2fe78, lpOverlapped=0x0 | out: lpBuffer=0x1287a000*, lpNumberOfBytesWritten=0x12b2fe78*=0x4000, lpOverlapped=0x0) returned 1 [0097.572] GetFileType (hFile=0x288) returned 0x1 [0097.572] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b2fe9c | out: lpNewFilePointer=0x0) returned 1 [0097.572] SystemFunction036 (in: RandomBuffer=0x12a46d01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a46d01) returned 1 [0097.572] WriteFile (in: hFile=0x288, lpBuffer=0x129003d0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b2fd88, lpOverlapped=0x0 | out: lpBuffer=0x129003d0*, lpNumberOfBytesWritten=0x12b2fd88*=0x4, lpOverlapped=0x0) returned 1 [0097.573] WriteFile (in: hFile=0x288, lpBuffer=0x12a46e00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b2fd88, lpOverlapped=0x0 | out: lpBuffer=0x12a46e00*, lpNumberOfBytesWritten=0x12b2fd88*=0x100, lpOverlapped=0x0) returned 1 [0097.573] CloseHandle (hObject=0x288) returned 1 [0097.575] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2bkcqml.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2bkcqml.jpg.crypted"), dwFlags=0x1) returned 1 [0097.576] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2bKCQml.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2bkcqml.jpg")) returned 0xffffffff [0097.576] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x288 [0097.576] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a8 [0097.576] WaitForSingleObject (hHandle=0x288, dwMilliseconds=0xffffffff) returned 0x0 [0100.449] WaitForSingleObject (hHandle=0x288, dwMilliseconds=0xffffffff) Thread: id = 32 os_tid = 0x13ac [0094.410] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3452ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3452ff28*=0x258) returned 1 [0094.410] VirtualQuery (in: lpAddress=0x3452ff38, lpBuffer=0x3452ff38, dwLength=0x1c | out: lpBuffer=0x3452ff38*(BaseAddress=0x3452f000, AllocationBase=0x34430000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.411] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x1282f440, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x25c [0094.411] CloseHandle (hObject=0x25c) returned 1 [0094.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\wl80p.png"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x807a4240, ftCreationTime.dwHighDateTime=0x1d70126, ftLastAccessTime.dwLowDateTime=0xac113ec0, ftLastAccessTime.dwHighDateTime=0x1d709de, ftLastWriteTime.dwLowDateTime=0xac113ec0, ftLastWriteTime.dwHighDateTime=0x1d709de, nFileSizeHigh=0x0, nFileSizeLow=0xb057)) returned 1 [0094.411] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\wl80p.png")) returned 0x20 [0094.411] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png", dwFileAttributes=0x20) returned 1 [0094.411] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\wl80p.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x25c [0094.412] GetConsoleMode (in: hConsoleHandle=0x25c, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0094.412] GetFileType (hFile=0x25c) returned 0x1 [0094.412] GetFileType (hFile=0x25c) returned 0x1 [0094.412] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.412] ReadFile (in: hFile=0x25c, lpBuffer=0x128104d8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x128104d8*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0094.412] SystemFunction036 (in: RandomBuffer=0x12816ac8, RandomBufferLength=0x10 | out: RandomBuffer=0x12816ac8) returned 1 [0094.412] SystemFunction036 (in: RandomBuffer=0x12816ad8, RandomBufferLength=0x10 | out: RandomBuffer=0x12816ad8) returned 1 [0094.412] VirtualAlloc (lpAddress=0x12a44000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a44000 [0094.412] GetFileType (hFile=0x25c) returned 0x1 [0094.413] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0094.413] ReadFile (in: hFile=0x25c, lpBuffer=0x12a44000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12a44000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.413] VirtualAlloc (lpAddress=0x12a48000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a48000 [0094.413] GetFileType (hFile=0x25c) returned 0x1 [0094.413] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0094.413] WriteFile (in: hFile=0x25c, lpBuffer=0x12a48000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12a48000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.414] GetFileType (hFile=0x25c) returned 0x1 [0094.414] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0094.414] SystemFunction036 (in: RandomBuffer=0x1287f001, RandomBufferLength=0x40 | out: RandomBuffer=0x1287f001) returned 1 [0094.414] WriteFile (in: hFile=0x25c, lpBuffer=0x12810534*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810534*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0094.414] WriteFile (in: hFile=0x25c, lpBuffer=0x1287f100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1287f100*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0094.414] CloseHandle (hObject=0x25c) returned 1 [0094.436] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\wl80p.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\wl80p.png.crypted"), dwFlags=0x1) returned 1 [0097.608] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\Wl80P.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\wl80p.png")) returned 0xffffffff [0097.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\8qmv.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6cea7d0, ftCreationTime.dwHighDateTime=0x1d6fb3c, ftLastAccessTime.dwLowDateTime=0xb2099a20, ftLastAccessTime.dwHighDateTime=0x1d709c5, ftLastWriteTime.dwLowDateTime=0xb2099a20, ftLastWriteTime.dwHighDateTime=0x1d709c5, nFileSizeHigh=0x0, nFileSizeLow=0x105ad)) returned 1 [0097.608] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\8qmv.bmp")) returned 0x20 [0097.608] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp", dwFileAttributes=0x20) returned 1 [0097.608] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\8qmv.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0097.608] GetConsoleMode (in: hConsoleHandle=0x278, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0097.608] GetFileType (hFile=0x278) returned 0x1 [0097.608] GetFileType (hFile=0x278) returned 0x1 [0097.608] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.609] ReadFile (in: hFile=0x278, lpBuffer=0x128103bc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x128103bc*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0097.609] SystemFunction036 (in: RandomBuffer=0x129a2f78, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2f78) returned 1 [0097.609] SystemFunction036 (in: RandomBuffer=0x129a2f88, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2f88) returned 1 [0097.609] GetFileType (hFile=0x278) returned 0x1 [0097.609] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.609] ReadFile (in: hFile=0x278, lpBuffer=0x128f8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x128f8000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.609] GetFileType (hFile=0x278) returned 0x1 [0097.609] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.609] WriteFile (in: hFile=0x278, lpBuffer=0x128fc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x128fc000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.610] GetFileType (hFile=0x278) returned 0x1 [0097.610] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.610] SystemFunction036 (in: RandomBuffer=0x1295fc01, RandomBufferLength=0x40 | out: RandomBuffer=0x1295fc01) returned 1 [0097.610] WriteFile (in: hFile=0x278, lpBuffer=0x12810418*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810418*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0097.610] WriteFile (in: hFile=0x278, lpBuffer=0x1295fd00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1295fd00*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0097.610] CloseHandle (hObject=0x278) returned 1 [0097.613] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\8qmv.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\8qmv.bmp.crypted"), dwFlags=0x1) returned 1 [0097.614] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\8qMv.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\8qmv.bmp")) returned 0xffffffff [0097.614] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x278 [0097.614] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x280 [0097.614] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0097.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\bg3sfdvdr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5721bd0, ftCreationTime.dwHighDateTime=0x1d6ff24, ftLastAccessTime.dwLowDateTime=0x71939eb0, ftLastAccessTime.dwHighDateTime=0x1d703b6, ftLastWriteTime.dwLowDateTime=0x71939eb0, ftLastWriteTime.dwHighDateTime=0x1d703b6, nFileSizeHigh=0x0, nFileSizeLow=0xab81)) returned 1 [0097.644] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\bg3sfdvdr.bmp")) returned 0x20 [0097.644] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp", dwFileAttributes=0x20) returned 1 [0097.644] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\bg3sfdvdr.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.645] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0097.645] GetFileType (hFile=0x274) returned 0x1 [0097.645] GetFileType (hFile=0x274) returned 0x1 [0097.645] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.645] ReadFile (in: hFile=0x274, lpBuffer=0x12900458, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900458*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0097.645] SystemFunction036 (in: RandomBuffer=0x128173d8, RandomBufferLength=0x10 | out: RandomBuffer=0x128173d8) returned 1 [0097.645] SystemFunction036 (in: RandomBuffer=0x128173e8, RandomBufferLength=0x10 | out: RandomBuffer=0x128173e8) returned 1 [0097.645] GetFileType (hFile=0x274) returned 0x1 [0097.645] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.645] ReadFile (in: hFile=0x274, lpBuffer=0x12a00000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12a00000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.645] GetFileType (hFile=0x274) returned 0x1 [0097.645] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.645] WriteFile (in: hFile=0x274, lpBuffer=0x12a04000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12a04000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.646] GetFileType (hFile=0x274) returned 0x1 [0097.646] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.646] SystemFunction036 (in: RandomBuffer=0x12a47501, RandomBufferLength=0x40 | out: RandomBuffer=0x12a47501) returned 1 [0097.646] WriteFile (in: hFile=0x274, lpBuffer=0x129004b4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x129004b4*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0097.646] WriteFile (in: hFile=0x274, lpBuffer=0x12a47600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12a47600*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0097.646] CloseHandle (hObject=0x274) returned 1 [0097.652] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\bg3sfdvdr.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\bg3sfdvdr.bmp.crypted"), dwFlags=0x1) returned 1 [0097.673] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Bg3SfdVdr.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\bg3sfdvdr.bmp")) returned 0xffffffff [0097.673] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0097.685] SetEvent (hEvent=0x1e4) returned 1 [0097.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hufrmquqlvetr0w0.png"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e9b27e0, ftCreationTime.dwHighDateTime=0x1d7068b, ftLastAccessTime.dwLowDateTime=0x90428df0, ftLastAccessTime.dwHighDateTime=0x1d709f4, ftLastWriteTime.dwLowDateTime=0x90428df0, ftLastWriteTime.dwHighDateTime=0x1d709f4, nFileSizeHigh=0x0, nFileSizeLow=0x16812)) returned 1 [0097.685] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hufrmquqlvetr0w0.png")) returned 0x20 [0097.685] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png", dwFileAttributes=0x20) returned 1 [0097.685] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hufrmquqlvetr0w0.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.685] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0097.686] GetFileType (hFile=0x274) returned 0x1 [0097.686] GetFileType (hFile=0x274) returned 0x1 [0097.686] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.686] ReadFile (in: hFile=0x274, lpBuffer=0x1288a1f4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a1f4*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0097.686] SystemFunction036 (in: RandomBuffer=0x12930668, RandomBufferLength=0x10 | out: RandomBuffer=0x12930668) returned 1 [0097.686] SystemFunction036 (in: RandomBuffer=0x12930678, RandomBufferLength=0x10 | out: RandomBuffer=0x12930678) returned 1 [0097.686] GetFileType (hFile=0x274) returned 0x1 [0097.686] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.686] ReadFile (in: hFile=0x274, lpBuffer=0x12bf4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12bf4000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.686] GetFileType (hFile=0x274) returned 0x1 [0097.686] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.686] WriteFile (in: hFile=0x274, lpBuffer=0x12bf8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12bf8000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.687] GetFileType (hFile=0x274) returned 0x1 [0097.687] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.687] ReadFile (in: hFile=0x274, lpBuffer=0x12bf4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12bf4000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.687] GetFileType (hFile=0x274) returned 0x1 [0097.687] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.687] WriteFile (in: hFile=0x274, lpBuffer=0x12bfc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12bfc000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.687] GetFileType (hFile=0x274) returned 0x1 [0097.687] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.688] SystemFunction036 (in: RandomBuffer=0x12bc6b01, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc6b01) returned 1 [0097.688] WriteFile (in: hFile=0x274, lpBuffer=0x1288a250*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a250*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0097.688] WriteFile (in: hFile=0x274, lpBuffer=0x12bc6c00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12bc6c00*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0097.688] CloseHandle (hObject=0x274) returned 1 [0097.691] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hufrmquqlvetr0w0.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hufrmquqlvetr0w0.png.crypted"), dwFlags=0x1) returned 1 [0097.691] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\HUFrMqUQLvETR0w0.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hufrmquqlvetr0w0.png")) returned 0xffffffff [0097.691] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0097.749] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0097.758] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0097.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wopttb-zulybg.gif"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x393b4320, ftCreationTime.dwHighDateTime=0x1d70914, ftLastAccessTime.dwLowDateTime=0xd90c3df0, ftLastAccessTime.dwHighDateTime=0x1d70a18, ftLastWriteTime.dwLowDateTime=0xd90c3df0, ftLastWriteTime.dwHighDateTime=0x1d70a18, nFileSizeHigh=0x0, nFileSizeLow=0x1779b)) returned 1 [0097.834] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wopttb-zulybg.gif")) returned 0x20 [0097.834] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif", dwFileAttributes=0x20) returned 1 [0097.835] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wopttb-zulybg.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.835] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.835] GetFileType (hFile=0x274) returned 0x1 [0097.835] GetFileType (hFile=0x274) returned 0x1 [0097.835] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.835] ReadFile (in: hFile=0x274, lpBuffer=0x1298e2fc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e2fc*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.835] SystemFunction036 (in: RandomBuffer=0x128ccca8, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccca8) returned 1 [0097.835] SystemFunction036 (in: RandomBuffer=0x128cccb8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cccb8) returned 1 [0097.835] GetFileType (hFile=0x274) returned 0x1 [0097.835] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.835] ReadFile (in: hFile=0x274, lpBuffer=0x1292a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x1292a000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.836] GetFileType (hFile=0x274) returned 0x1 [0097.836] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.836] WriteFile (in: hFile=0x274, lpBuffer=0x12932000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12932000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.836] GetFileType (hFile=0x274) returned 0x1 [0097.836] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.836] SystemFunction036 (in: RandomBuffer=0x12d9fb01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9fb01) returned 1 [0097.836] WriteFile (in: hFile=0x274, lpBuffer=0x1298e358*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e358*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.836] WriteFile (in: hFile=0x274, lpBuffer=0x12d9fc00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9fc00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.836] CloseHandle (hObject=0x274) returned 1 [0097.839] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wopttb-zulybg.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wopttb-zulybg.gif.crypted"), dwFlags=0x1) returned 1 [0097.840] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\WoPtTB-ZULyBg.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\wopttb-zulybg.gif")) returned 0xffffffff [0097.840] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0097.894] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0097.919] SetEvent (hEvent=0x1a4) returned 1 [0097.919] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jr8vaoj2rftclqi1fqjs.png"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x383e1a70, ftCreationTime.dwHighDateTime=0x1d70940, ftLastAccessTime.dwLowDateTime=0x14ebda50, ftLastAccessTime.dwHighDateTime=0x1d70a33, ftLastWriteTime.dwLowDateTime=0x14ebda50, ftLastWriteTime.dwHighDateTime=0x1d70a33, nFileSizeHigh=0x0, nFileSizeLow=0x60e6)) returned 1 [0097.919] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jr8vaoj2rftclqi1fqjs.png")) returned 0x20 [0097.919] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png", dwFileAttributes=0x20) returned 1 [0097.919] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jr8vaoj2rftclqi1fqjs.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.920] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0097.920] GetFileType (hFile=0x274) returned 0x1 [0097.920] GetFileType (hFile=0x274) returned 0x1 [0097.920] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.920] ReadFile (in: hFile=0x274, lpBuffer=0x1288a340, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a340*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0097.920] SystemFunction036 (in: RandomBuffer=0x12930a28, RandomBufferLength=0x10 | out: RandomBuffer=0x12930a28) returned 1 [0097.920] SystemFunction036 (in: RandomBuffer=0x12930a38, RandomBufferLength=0x10 | out: RandomBuffer=0x12930a38) returned 1 [0097.920] GetFileType (hFile=0x274) returned 0x1 [0097.920] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.920] ReadFile (in: hFile=0x274, lpBuffer=0x12a90000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12a90000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.920] GetFileType (hFile=0x274) returned 0x1 [0097.920] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.920] WriteFile (in: hFile=0x274, lpBuffer=0x12a94000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12a94000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.921] GetFileType (hFile=0x274) returned 0x1 [0097.921] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0097.921] SystemFunction036 (in: RandomBuffer=0x12bc7501, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc7501) returned 1 [0097.921] WriteFile (in: hFile=0x274, lpBuffer=0x1288a39c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a39c*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0097.953] WriteFile (in: hFile=0x274, lpBuffer=0x12bc7600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12bc7600*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0097.953] CloseHandle (hObject=0x274) returned 1 [0097.955] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jr8vaoj2rftclqi1fqjs.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jr8vaoj2rftclqi1fqjs.png.crypted"), dwFlags=0x1) returned 1 [0097.956] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\jr8vAOj2RFtClQI1FqJs.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jr8vaoj2rftclqi1fqjs.png")) returned 0xffffffff [0097.956] SetEvent (hEvent=0x260) returned 1 [0097.956] VirtualFree (lpAddress=0x12de8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.956] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0098.185] SetEvent (hEvent=0x26c) returned 1 [0098.185] SetEvent (hEvent=0x1a4) returned 1 [0098.185] VirtualFree (lpAddress=0x12de2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.186] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0098.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\oeh_z m5zby9led.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4c5d630, ftCreationTime.dwHighDateTime=0x1d6ff9a, ftLastAccessTime.dwLowDateTime=0x8a0b0d70, ftLastAccessTime.dwHighDateTime=0x1d707ee, ftLastWriteTime.dwLowDateTime=0x8a0b0d70, ftLastWriteTime.dwHighDateTime=0x1d707ee, nFileSizeHigh=0x0, nFileSizeLow=0x2bf7)) returned 1 [0098.257] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\oeh_z m5zby9led.jpg")) returned 0x20 [0098.257] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg", dwFileAttributes=0x20) returned 1 [0098.257] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\oeh_z m5zby9led.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0098.257] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0098.257] GetFileType (hFile=0x274) returned 0x1 [0098.257] GetFileType (hFile=0x274) returned 0x1 [0098.257] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0098.257] ReadFile (in: hFile=0x274, lpBuffer=0x128105d4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x128105d4*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0098.258] SystemFunction036 (in: RandomBuffer=0x129a3658, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3658) returned 1 [0098.258] SystemFunction036 (in: RandomBuffer=0x129a3668, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3668) returned 1 [0098.258] GetFileType (hFile=0x274) returned 0x1 [0098.258] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0098.258] ReadFile (in: hFile=0x274, lpBuffer=0x129e2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x129e2000*, lpNumberOfBytesRead=0x12b11e80*=0x2bf7, lpOverlapped=0x0) returned 1 [0098.258] GetFileType (hFile=0x274) returned 0x1 [0098.258] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0098.258] WriteFile (in: hFile=0x274, lpBuffer=0x129e6000*, nNumberOfBytesToWrite=0x2c00, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x129e6000*, lpNumberOfBytesWritten=0x12b11e78*=0x2c00, lpOverlapped=0x0) returned 1 [0098.258] GetFileType (hFile=0x274) returned 0x1 [0098.258] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0098.258] SystemFunction036 (in: RandomBuffer=0x1299ac01, RandomBufferLength=0x40 | out: RandomBuffer=0x1299ac01) returned 1 [0098.259] WriteFile (in: hFile=0x274, lpBuffer=0x12810630*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810630*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0098.259] WriteFile (in: hFile=0x274, lpBuffer=0x1299ad00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299ad00*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0098.259] CloseHandle (hObject=0x274) returned 1 [0098.261] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\oeh_z m5zby9led.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\oeh_z m5zby9led.jpg.crypted"), dwFlags=0x1) returned 1 [0098.261] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\oEH_Z M5ZBY9lEd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\oeh_z m5zby9led.jpg")) returned 0xffffffff [0098.261] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0098.359] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.003] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.026] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.039] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.066] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.131] SetEvent (hEvent=0x1d0) returned 1 [0099.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x4377acca, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4377acca, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4377acca, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0099.131] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms")) returned 0x23 [0099.131] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x22) returned 1 [0099.131] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.131] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0099.131] GetFileType (hFile=0x274) returned 0x1 [0099.131] SystemFunction036 (in: RandomBuffer=0x129310b8, RandomBufferLength=0x10 | out: RandomBuffer=0x129310b8) returned 1 [0099.131] SystemFunction036 (in: RandomBuffer=0x129310c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129310c8) returned 1 [0099.132] GetFileType (hFile=0x274) returned 0x1 [0099.132] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.132] ReadFile (in: hFile=0x274, lpBuffer=0x12ac6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12ac6000*, lpNumberOfBytesRead=0x12a51e80*=0xf8, lpOverlapped=0x0) returned 1 [0099.132] GetFileType (hFile=0x274) returned 0x1 [0099.132] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.132] WriteFile (in: hFile=0x274, lpBuffer=0x12ac2200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12ac2200*, lpNumberOfBytesWritten=0x12a51e78*=0x100, lpOverlapped=0x0) returned 1 [0099.133] GetFileType (hFile=0x274) returned 0x1 [0099.133] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.133] SystemFunction036 (in: RandomBuffer=0x12ac2301, RandomBufferLength=0x40 | out: RandomBuffer=0x12ac2301) returned 1 [0099.133] WriteFile (in: hFile=0x274, lpBuffer=0x1288a598*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a598*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0099.133] WriteFile (in: hFile=0x274, lpBuffer=0x12ac2400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12ac2400*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0099.133] CloseHandle (hObject=0x274) returned 1 [0099.134] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms.crypted"), dwFlags=0x1) returned 1 [0099.135] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms")) returned 0xffffffff [0099.135] VirtualFree (lpAddress=0x12dd8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.135] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.270] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.294] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.311] SetEvent (hEvent=0x260) returned 1 [0099.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\4bqpns7ukgbuatr.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda077ed0, ftCreationTime.dwHighDateTime=0x1d7042e, ftLastAccessTime.dwLowDateTime=0x78bf9aa0, ftLastAccessTime.dwHighDateTime=0x1d708d8, ftLastWriteTime.dwLowDateTime=0x78bf9aa0, ftLastWriteTime.dwHighDateTime=0x1d708d8, nFileSizeHigh=0x0, nFileSizeLow=0x11dcc)) returned 1 [0099.311] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\4bqpns7ukgbuatr.mp4")) returned 0x20 [0099.311] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4", dwFileAttributes=0x20) returned 1 [0099.311] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\4bqpns7ukgbuatr.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.312] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0099.312] GetFileType (hFile=0x274) returned 0x1 [0099.312] GetFileType (hFile=0x274) returned 0x1 [0099.312] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.312] ReadFile (in: hFile=0x274, lpBuffer=0x1288a5a0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a5a0*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0099.312] SystemFunction036 (in: RandomBuffer=0x12931298, RandomBufferLength=0x10 | out: RandomBuffer=0x12931298) returned 1 [0099.312] SystemFunction036 (in: RandomBuffer=0x129312a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129312a8) returned 1 [0099.312] GetFileType (hFile=0x274) returned 0x1 [0099.312] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.312] ReadFile (in: hFile=0x274, lpBuffer=0x12ace000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12ace000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.312] GetFileType (hFile=0x274) returned 0x1 [0099.312] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.313] WriteFile (in: hFile=0x274, lpBuffer=0x12ad4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12ad4000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.313] GetFileType (hFile=0x274) returned 0x1 [0099.313] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.313] SystemFunction036 (in: RandomBuffer=0x12ac2601, RandomBufferLength=0x40 | out: RandomBuffer=0x12ac2601) returned 1 [0099.313] WriteFile (in: hFile=0x274, lpBuffer=0x1288a5fc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a5fc*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0099.313] WriteFile (in: hFile=0x274, lpBuffer=0x12ac2700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12ac2700*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0099.314] CloseHandle (hObject=0x274) returned 1 [0099.317] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\4bqpns7ukgbuatr.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\4bqpns7ukgbuatr.mp4.crypted"), dwFlags=0x1) returned 1 [0099.318] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\4bqpns7UkgBUaTR.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\4bqpns7ukgbuatr.mp4")) returned 0xffffffff [0099.318] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.377] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.413] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.462] SetEvent (hEvent=0x260) returned 1 [0099.462] SetEvent (hEvent=0x1d0) returned 1 [0099.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\yppx1b7j.flv"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7678edc0, ftCreationTime.dwHighDateTime=0x1d70a7f, ftLastAccessTime.dwLowDateTime=0x8e4b1a90, ftLastAccessTime.dwHighDateTime=0x1d70a7f, ftLastWriteTime.dwLowDateTime=0x8e4b1a90, ftLastWriteTime.dwHighDateTime=0x1d70a7f, nFileSizeHigh=0x0, nFileSizeLow=0x10878)) returned 1 [0099.462] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\yppx1b7j.flv")) returned 0x20 [0099.462] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv", dwFileAttributes=0x20) returned 1 [0099.463] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\yppx1b7j.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.463] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0099.463] GetFileType (hFile=0x274) returned 0x1 [0099.463] GetFileType (hFile=0x274) returned 0x1 [0099.463] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.463] ReadFile (in: hFile=0x274, lpBuffer=0x1288a604, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a604*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0099.463] SystemFunction036 (in: RandomBuffer=0x129313d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129313d8) returned 1 [0099.463] SystemFunction036 (in: RandomBuffer=0x129313e8, RandomBufferLength=0x10 | out: RandomBuffer=0x129313e8) returned 1 [0099.463] GetFileType (hFile=0x274) returned 0x1 [0099.463] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.463] ReadFile (in: hFile=0x274, lpBuffer=0x12b04000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12b04000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.464] GetFileType (hFile=0x274) returned 0x1 [0099.464] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.464] WriteFile (in: hFile=0x274, lpBuffer=0x12b08000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12b08000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.465] GetFileType (hFile=0x274) returned 0x1 [0099.465] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.465] SystemFunction036 (in: RandomBuffer=0x12ac2901, RandomBufferLength=0x40 | out: RandomBuffer=0x12ac2901) returned 1 [0099.466] WriteFile (in: hFile=0x274, lpBuffer=0x1288a660*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a660*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0099.466] WriteFile (in: hFile=0x274, lpBuffer=0x12ac2a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12ac2a00*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0099.466] CloseHandle (hObject=0x274) returned 1 [0099.468] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\yppx1b7j.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\yppx1b7j.flv.crypted"), dwFlags=0x1) returned 1 [0099.469] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\yppx1B7j.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\yppx1b7j.flv")) returned 0xffffffff [0099.469] VirtualFree (lpAddress=0x12dcc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.469] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\3mz6kq.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde093dd0, ftCreationTime.dwHighDateTime=0x1d70798, ftLastAccessTime.dwLowDateTime=0xa46737e0, ftLastAccessTime.dwHighDateTime=0x1d7089b, ftLastWriteTime.dwLowDateTime=0xa46737e0, ftLastWriteTime.dwHighDateTime=0x1d7089b, nFileSizeHigh=0x0, nFileSizeLow=0x8973)) returned 1 [0099.504] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\3mz6kq.mp4")) returned 0x20 [0099.504] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4", dwFileAttributes=0x20) returned 1 [0099.504] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\3mz6kq.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.505] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0099.505] GetFileType (hFile=0x274) returned 0x1 [0099.505] GetFileType (hFile=0x274) returned 0x1 [0099.505] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.505] ReadFile (in: hFile=0x274, lpBuffer=0x12900844, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x12900844*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0099.505] SystemFunction036 (in: RandomBuffer=0x1287e7f8, RandomBufferLength=0x10 | out: RandomBuffer=0x1287e7f8) returned 1 [0099.505] SystemFunction036 (in: RandomBuffer=0x1287e808, RandomBufferLength=0x10 | out: RandomBuffer=0x1287e808) returned 1 [0099.505] GetFileType (hFile=0x274) returned 0x1 [0099.505] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.505] ReadFile (in: hFile=0x274, lpBuffer=0x12c0c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12c0c000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.506] GetFileType (hFile=0x274) returned 0x1 [0099.506] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.506] WriteFile (in: hFile=0x274, lpBuffer=0x12c12000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12c12000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.506] GetFileType (hFile=0x274) returned 0x1 [0099.506] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.506] SystemFunction036 (in: RandomBuffer=0x1286ac01, RandomBufferLength=0x40 | out: RandomBuffer=0x1286ac01) returned 1 [0099.506] WriteFile (in: hFile=0x274, lpBuffer=0x129008a0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x129008a0*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0099.506] WriteFile (in: hFile=0x274, lpBuffer=0x1286ad00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x1286ad00*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0099.506] CloseHandle (hObject=0x274) returned 1 [0099.508] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\3mz6kq.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\3mz6kq.mp4.crypted"), dwFlags=0x1) returned 1 [0099.509] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\3Mz6kQ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\3mz6kq.mp4")) returned 0xffffffff [0099.509] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\bfltcxnrcenir3q5ohk.swf"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fb237b0, ftCreationTime.dwHighDateTime=0x1d7042f, ftLastAccessTime.dwLowDateTime=0x27fa7e80, ftLastAccessTime.dwHighDateTime=0x1d709d9, ftLastWriteTime.dwLowDateTime=0x27fa7e80, ftLastWriteTime.dwHighDateTime=0x1d709d9, nFileSizeHigh=0x0, nFileSizeLow=0xb4d3)) returned 1 [0099.540] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\bfltcxnrcenir3q5ohk.swf")) returned 0x20 [0099.540] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf", dwFileAttributes=0x20) returned 1 [0099.541] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\bfltcxnrcenir3q5ohk.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.541] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.541] GetFileType (hFile=0x274) returned 0x1 [0099.541] GetFileType (hFile=0x274) returned 0x1 [0099.541] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.541] ReadFile (in: hFile=0x274, lpBuffer=0x12810784, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810784*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.541] SystemFunction036 (in: RandomBuffer=0x129fe118, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe118) returned 1 [0099.541] SystemFunction036 (in: RandomBuffer=0x129fe128, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe128) returned 1 [0099.541] VirtualAlloc (lpAddress=0x12c80000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c80000 [0099.542] GetFileType (hFile=0x274) returned 0x1 [0099.542] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.542] ReadFile (in: hFile=0x274, lpBuffer=0x12c80000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12c80000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.542] VirtualAlloc (lpAddress=0x12c84000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c84000 [0099.543] GetFileType (hFile=0x274) returned 0x1 [0099.543] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.543] WriteFile (in: hFile=0x274, lpBuffer=0x12c84000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12c84000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.543] GetFileType (hFile=0x274) returned 0x1 [0099.543] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.543] SystemFunction036 (in: RandomBuffer=0x1299b901, RandomBufferLength=0x40 | out: RandomBuffer=0x1299b901) returned 1 [0099.543] VirtualAlloc (lpAddress=0x12c88000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c88000 [0099.546] WriteFile (in: hFile=0x274, lpBuffer=0x128107e0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x128107e0*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.546] WriteFile (in: hFile=0x274, lpBuffer=0x1299ba00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299ba00*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.547] CloseHandle (hObject=0x274) returned 1 [0099.548] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\bfltcxnrcenir3q5ohk.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\bfltcxnrcenir3q5ohk.swf.crypted"), dwFlags=0x1) returned 1 [0099.549] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\bFLtcXnRCEnIr3Q5Ohk.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\bfltcxnrcenir3q5ohk.swf")) returned 0xffffffff [0099.549] SetEvent (hEvent=0x1d0) returned 1 [0099.549] VirtualFree (lpAddress=0x12dca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.550] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.656] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.692] SetEvent (hEvent=0x26c) returned 1 [0099.692] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\nu1mcoq-5xz.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0c20bb0, ftCreationTime.dwHighDateTime=0x1d70764, ftLastAccessTime.dwLowDateTime=0x1999f590, ftLastAccessTime.dwHighDateTime=0x1d70921, ftLastWriteTime.dwLowDateTime=0x1999f590, ftLastWriteTime.dwHighDateTime=0x1d70921, nFileSizeHigh=0x0, nFileSizeLow=0xf896)) returned 1 [0099.692] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\nu1mcoq-5xz.mkv")) returned 0x20 [0099.692] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv", dwFileAttributes=0x20) returned 1 [0099.692] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\nu1mcoq-5xz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.692] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0099.692] GetFileType (hFile=0x274) returned 0x1 [0099.692] GetFileType (hFile=0x274) returned 0x1 [0099.692] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.692] ReadFile (in: hFile=0x274, lpBuffer=0x1288a6cc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a6cc*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0099.693] SystemFunction036 (in: RandomBuffer=0x12931978, RandomBufferLength=0x10 | out: RandomBuffer=0x12931978) returned 1 [0099.693] SystemFunction036 (in: RandomBuffer=0x12931988, RandomBufferLength=0x10 | out: RandomBuffer=0x12931988) returned 1 [0099.693] GetFileType (hFile=0x274) returned 0x1 [0099.693] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.693] ReadFile (in: hFile=0x274, lpBuffer=0x12b24000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12b24000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.693] GetFileType (hFile=0x274) returned 0x1 [0099.693] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.693] WriteFile (in: hFile=0x274, lpBuffer=0x12b32000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12b32000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.693] GetFileType (hFile=0x274) returned 0x1 [0099.693] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0099.693] SystemFunction036 (in: RandomBuffer=0x12ac2f01, RandomBufferLength=0x40 | out: RandomBuffer=0x12ac2f01) returned 1 [0099.694] WriteFile (in: hFile=0x274, lpBuffer=0x1288a728*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a728*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0099.694] WriteFile (in: hFile=0x274, lpBuffer=0x12ac3000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12ac3000*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0099.694] CloseHandle (hObject=0x274) returned 1 [0099.697] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\nu1mcoq-5xz.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\nu1mcoq-5xz.mkv.crypted"), dwFlags=0x1) returned 1 [0099.697] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\nU1mCOq-5XZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\nu1mcoq-5xz.mkv")) returned 0xffffffff [0099.697] SetEvent (hEvent=0x1a4) returned 1 [0099.697] VirtualFree (lpAddress=0x12dc4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.698] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.759] SetEvent (hEvent=0x1a4) returned 1 [0099.759] SetEvent (hEvent=0x26c) returned 1 [0099.759] VirtualFree (lpAddress=0x12dc2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.759] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.851] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.869] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.912] SetEvent (hEvent=0x26c) returned 1 [0099.912] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0099.952] SetEvent (hEvent=0x26c) returned 1 [0099.952] SetEvent (hEvent=0x1e4) returned 1 [0099.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93fa0af0, ftCreationTime.dwHighDateTime=0x1d70773, ftLastAccessTime.dwLowDateTime=0x79739c20, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0x79739c20, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0099.952] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0099.953] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\*", lpFindFileData=0x128318c8 | out: lpFindFileData=0x128318c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93fa0af0, ftCreationTime.dwHighDateTime=0x1d70773, ftLastAccessTime.dwLowDateTime=0x79739c20, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0x79739c20, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0099.953] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93fa0af0, ftCreationTime.dwHighDateTime=0x1d70773, ftLastAccessTime.dwLowDateTime=0x79739c20, ftLastAccessTime.dwHighDateTime=0x1d7078a, ftLastWriteTime.dwLowDateTime=0x79739c20, ftLastWriteTime.dwHighDateTime=0x1d7078a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.953] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5647e50, ftCreationTime.dwHighDateTime=0x1d70309, ftLastAccessTime.dwLowDateTime=0x213dc2a0, ftLastAccessTime.dwHighDateTime=0x1d70358, ftLastWriteTime.dwLowDateTime=0x213dc2a0, ftLastWriteTime.dwHighDateTime=0x1d70358, nFileSizeHigh=0x0, nFileSizeLow=0x4438, dwReserved0=0x0, dwReserved1=0x0, cFileName="LNTYHvH3cg5J_RxZQmO.flv", cAlternateFileName="LNTYHV~1.FLV")) returned 1 [0099.953] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0203bc0, ftCreationTime.dwHighDateTime=0x1d6fcdc, ftLastAccessTime.dwLowDateTime=0xe182b0a0, ftLastAccessTime.dwHighDateTime=0x1d6fee6, ftLastWriteTime.dwLowDateTime=0xe182b0a0, ftLastWriteTime.dwHighDateTime=0x1d6fee6, nFileSizeHigh=0x0, nFileSizeLow=0x35d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="q7 ECMvYSj2UiPE.mp4", cAlternateFileName="Q7ECMV~1.MP4")) returned 1 [0099.953] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c117330, ftCreationTime.dwHighDateTime=0x1d7037f, ftLastAccessTime.dwLowDateTime=0x494318f0, ftLastAccessTime.dwHighDateTime=0x1d705e6, ftLastWriteTime.dwLowDateTime=0x494318f0, ftLastWriteTime.dwHighDateTime=0x1d705e6, nFileSizeHigh=0x0, nFileSizeLow=0xc9c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="yCcF-EtUVUzhsAQ2.flv", cAlternateFileName="YCCF-E~1.FLV")) returned 1 [0099.953] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.953] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0099.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x1283194c | out: lpFileInformation=0x1283194c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.953] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0099.953] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0099.954] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12831b64 | out: lpMode=0x12831b64) returned 0 [0099.954] GetFileType (hFile=0x2fc) returned 0x1 [0099.954] WriteFile (in: hFile=0x2fc, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831b54, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831b54*=0x2b8, lpOverlapped=0x0) returned 1 [0099.955] CloseHandle (hObject=0x2fc) returned 1 [0099.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\LNTYHvH3cg5J_RxZQmO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\lntyhvh3cg5j_rxzqmo.flv"), fInfoLevelId=0x0, lpFileInformation=0x128319ac | out: lpFileInformation=0x128319ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5647e50, ftCreationTime.dwHighDateTime=0x1d70309, ftLastAccessTime.dwLowDateTime=0x213dc2a0, ftLastAccessTime.dwHighDateTime=0x1d70358, ftLastWriteTime.dwLowDateTime=0x213dc2a0, ftLastWriteTime.dwHighDateTime=0x1d70358, nFileSizeHigh=0x0, nFileSizeLow=0x4438)) returned 1 [0099.955] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12b40000*, nNumberOfCharsToWrite=0x6a, lpNumberOfCharsWritten=0x128316a8, lpReserved=0x0 | out: lpBuffer=0x12b40000*, lpNumberOfCharsWritten=0x128316a8*=0x6a) returned 1 [0099.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\q7 ecmvysj2uipe.mp4"), fInfoLevelId=0x0, lpFileInformation=0x128319ac | out: lpFileInformation=0x128319ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0203bc0, ftCreationTime.dwHighDateTime=0x1d6fcdc, ftLastAccessTime.dwLowDateTime=0xe182b0a0, ftLastAccessTime.dwHighDateTime=0x1d6fee6, ftLastWriteTime.dwLowDateTime=0xe182b0a0, ftLastWriteTime.dwHighDateTime=0x1d6fee6, nFileSizeHigh=0x0, nFileSizeLow=0x35d3)) returned 1 [0099.967] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129f80d0*, nNumberOfCharsToWrite=0x66, lpNumberOfCharsWritten=0x128316a8, lpReserved=0x0 | out: lpBuffer=0x129f80d0*, lpNumberOfCharsWritten=0x128316a8*=0x66) returned 1 [0100.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\yccf-etuvuzhsaq2.flv"), fInfoLevelId=0x0, lpFileInformation=0x128319ac | out: lpFileInformation=0x128319ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c117330, ftCreationTime.dwHighDateTime=0x1d7037f, ftLastAccessTime.dwLowDateTime=0x494318f0, ftLastAccessTime.dwHighDateTime=0x1d705e6, ftLastWriteTime.dwLowDateTime=0x494318f0, ftLastWriteTime.dwHighDateTime=0x1d705e6, nFileSizeHigh=0x0, nFileSizeLow=0xc9c7)) returned 1 [0100.002] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x129f8270*, nNumberOfCharsToWrite=0x67, lpNumberOfCharsWritten=0x128316a8, lpReserved=0x0 | out: lpBuffer=0x129f8270*, lpNumberOfCharsWritten=0x128316a8*=0x67) returned 1 [0100.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77"), fInfoLevelId=0x0, lpFileInformation=0x12831a14 | out: lpFileInformation=0x12831a14*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70f3fbc0, ftCreationTime.dwHighDateTime=0x1d6feb2, ftLastAccessTime.dwLowDateTime=0x4e23daa0, ftLastAccessTime.dwHighDateTime=0x1d6fefa, ftLastWriteTime.dwLowDateTime=0x4e23daa0, ftLastWriteTime.dwHighDateTime=0x1d6fefa, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.021] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0100.021] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\*", lpFindFileData=0x128318c8 | out: lpFindFileData=0x128318c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70f3fbc0, ftCreationTime.dwHighDateTime=0x1d6feb2, ftLastAccessTime.dwLowDateTime=0x4e23daa0, ftLastAccessTime.dwHighDateTime=0x1d6fefa, ftLastWriteTime.dwLowDateTime=0x4e23daa0, ftLastWriteTime.dwHighDateTime=0x1d6fefa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0100.022] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x70f3fbc0, ftCreationTime.dwHighDateTime=0x1d6feb2, ftLastAccessTime.dwLowDateTime=0x4e23daa0, ftLastAccessTime.dwHighDateTime=0x1d6fefa, ftLastWriteTime.dwLowDateTime=0x4e23daa0, ftLastWriteTime.dwHighDateTime=0x1d6fefa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.022] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf15ad3b0, ftCreationTime.dwHighDateTime=0x1d6fae3, ftLastAccessTime.dwLowDateTime=0x89a43a20, ftLastAccessTime.dwHighDateTime=0x1d70a03, ftLastWriteTime.dwLowDateTime=0x89a43a20, ftLastWriteTime.dwHighDateTime=0x1d70a03, nFileSizeHigh=0x0, nFileSizeLow=0x10b5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="76tOSW6xWOy.flv", cAlternateFileName="76TOSW~1.FLV")) returned 1 [0100.022] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa2b9b0, ftCreationTime.dwHighDateTime=0x1d6fa16, ftLastAccessTime.dwLowDateTime=0x9a15c1b0, ftLastAccessTime.dwHighDateTime=0x1d6fab5, ftLastWriteTime.dwLowDateTime=0x9a15c1b0, ftLastWriteTime.dwHighDateTime=0x1d6fab5, nFileSizeHigh=0x0, nFileSizeLow=0xa841, dwReserved0=0x0, dwReserved1=0x0, cFileName="gwZvyQHZjiAyvA06ZZ.mkv", cAlternateFileName="GWZVYQ~1.MKV")) returned 1 [0100.022] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cddc910, ftCreationTime.dwHighDateTime=0x1d70605, ftLastAccessTime.dwLowDateTime=0xe7dcab30, ftLastAccessTime.dwHighDateTime=0x1d70919, ftLastWriteTime.dwLowDateTime=0xe7dcab30, ftLastWriteTime.dwHighDateTime=0x1d70919, nFileSizeHigh=0x0, nFileSizeLow=0x160db, dwReserved0=0x0, dwReserved1=0x0, cFileName="HF2gq.flv", cAlternateFileName="")) returned 1 [0100.022] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128318c4 | out: lpFindFileData=0x128318c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.022] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0100.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x1283194c | out: lpFileInformation=0x1283194c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.022] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0100.022] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.053] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831b64 | out: lpMode=0x12831b64) returned 0 [0100.053] GetFileType (hFile=0x274) returned 0x1 [0100.053] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831b54, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831b54*=0x2b8, lpOverlapped=0x0) returned 1 [0100.054] CloseHandle (hObject=0x274) returned 1 [0100.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\76tosw6xwoy.flv"), fInfoLevelId=0x0, lpFileInformation=0x128319ac | out: lpFileInformation=0x128319ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf15ad3b0, ftCreationTime.dwHighDateTime=0x1d6fae3, ftLastAccessTime.dwLowDateTime=0x89a43a20, ftLastAccessTime.dwHighDateTime=0x1d70a03, ftLastWriteTime.dwLowDateTime=0x89a43a20, ftLastWriteTime.dwHighDateTime=0x1d70a03, nFileSizeHigh=0x0, nFileSizeLow=0x10b5c)) returned 1 [0100.054] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12cb0840*, nNumberOfCharsToWrite=0x58, lpNumberOfCharsWritten=0x128316a8, lpReserved=0x0 | out: lpBuffer=0x12cb0840*, lpNumberOfCharsWritten=0x128316a8*=0x58) returned 1 [0100.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\HF2gq.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\hf2gq.flv"), fInfoLevelId=0x0, lpFileInformation=0x128319ac | out: lpFileInformation=0x128319ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cddc910, ftCreationTime.dwHighDateTime=0x1d70605, ftLastAccessTime.dwLowDateTime=0xe7dcab30, ftLastAccessTime.dwHighDateTime=0x1d70919, ftLastWriteTime.dwLowDateTime=0xe7dcab30, ftLastWriteTime.dwHighDateTime=0x1d70919, nFileSizeHigh=0x0, nFileSizeLow=0x160db)) returned 1 [0100.085] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12cb08f0*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0x128316a8, lpReserved=0x0 | out: lpBuffer=0x12cb08f0*, lpNumberOfCharsWritten=0x128316a8*=0x52) returned 1 [0100.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\gwzvyqhzjiayva06zz.mkv"), fInfoLevelId=0x0, lpFileInformation=0x128319ac | out: lpFileInformation=0x128319ac*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa2b9b0, ftCreationTime.dwHighDateTime=0x1d6fa16, ftLastAccessTime.dwLowDateTime=0x9a15c1b0, ftLastAccessTime.dwHighDateTime=0x1d6fab5, ftLastWriteTime.dwLowDateTime=0x9a15c1b0, ftLastWriteTime.dwHighDateTime=0x1d6fab5, nFileSizeHigh=0x0, nFileSizeLow=0xa841)) returned 1 [0100.111] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128d2180*, nNumberOfCharsToWrite=0x5f, lpNumberOfCharsWritten=0x128316a8, lpReserved=0x0 | out: lpBuffer=0x128d2180*, lpNumberOfCharsWritten=0x128316a8*=0x5f) returned 1 [0100.134] SetEvent (hEvent=0x26c) returned 1 [0100.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\mCVrQ3VNk3q9t.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\mcvrq3vnk3q9t.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831a7c | out: lpFileInformation=0x12831a7c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34487180, ftCreationTime.dwHighDateTime=0x1d6fa32, ftLastAccessTime.dwLowDateTime=0xadad9ad0, ftLastAccessTime.dwHighDateTime=0x1d6faa2, ftLastWriteTime.dwLowDateTime=0xadad9ad0, ftLastWriteTime.dwHighDateTime=0x1d6faa2, nFileSizeHigh=0x0, nFileSizeLow=0x2186)) returned 1 [0100.134] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c2e0a0*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0x12831778, lpReserved=0x0 | out: lpBuffer=0x12c2e0a0*, lpNumberOfCharsWritten=0x12831778*=0x4c) returned 1 [0100.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\mf gnoel8qbz.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eeea1c0, ftCreationTime.dwHighDateTime=0x1d6fc82, ftLastAccessTime.dwLowDateTime=0x3a5da350, ftLastAccessTime.dwHighDateTime=0x1d6feb1, ftLastWriteTime.dwLowDateTime=0x3a5da350, ftLastWriteTime.dwHighDateTime=0x1d6feb1, nFileSizeHigh=0x0, nFileSizeLow=0x27fb)) returned 1 [0100.159] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c28240*, nNumberOfCharsToWrite=0x46, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12c28240*, lpNumberOfCharsWritten=0x128317e0*=0x46) returned 1 [0100.199] SetEvent (hEvent=0x260) returned 1 [0100.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\OPzgr0G4CKXjB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\opzgr0g4ckxjb.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc67f9520, ftCreationTime.dwHighDateTime=0x1d6fcf7, ftLastAccessTime.dwLowDateTime=0x725ced10, ftLastAccessTime.dwHighDateTime=0x1d6ff1f, ftLastWriteTime.dwLowDateTime=0x725ced10, ftLastWriteTime.dwHighDateTime=0x1d6ff1f, nFileSizeHigh=0x0, nFileSizeLow=0x9383)) returned 1 [0100.200] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c28360*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12c28360*, lpNumberOfCharsWritten=0x128317e0*=0x47) returned 1 [0100.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\_eDGK9.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\_edgk9.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98e77ab0, ftCreationTime.dwHighDateTime=0x1d701e3, ftLastAccessTime.dwLowDateTime=0xf084a150, ftLastAccessTime.dwHighDateTime=0x1d7048e, ftLastWriteTime.dwLowDateTime=0xf084a150, ftLastWriteTime.dwHighDateTime=0x1d7048e, nFileSizeHigh=0x0, nFileSizeLow=0x313b)) returned 1 [0100.223] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12970400*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12970400*, lpNumberOfCharsWritten=0x128317e0*=0x40) returned 1 [0100.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\er5glmfqhf7.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea11fbf0, ftCreationTime.dwHighDateTime=0x1d6fada, ftLastAccessTime.dwLowDateTime=0xc0cb8e90, ftLastAccessTime.dwHighDateTime=0x1d6ffa9, ftLastWriteTime.dwLowDateTime=0xc0cb8e90, ftLastWriteTime.dwHighDateTime=0x1d6ffa9, nFileSizeHigh=0x0, nFileSizeLow=0x1539d)) returned 1 [0100.265] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c283f0*, nNumberOfCharsToWrite=0x45, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12c283f0*, lpNumberOfCharsWritten=0x128317e0*=0x45) returned 1 [0100.278] SetEvent (hEvent=0x26c) returned 1 [0100.279] VirtualAlloc (lpAddress=0x12c3a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c3a000 [0100.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\nbebllr.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7b25d00, ftCreationTime.dwHighDateTime=0x1d707b1, ftLastAccessTime.dwLowDateTime=0x3c0499d0, ftLastAccessTime.dwHighDateTime=0x1d707f7, ftLastWriteTime.dwLowDateTime=0x3c0499d0, ftLastWriteTime.dwHighDateTime=0x1d707f7, nFileSizeHigh=0x0, nFileSizeLow=0xaa6c)) returned 1 [0100.280] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c28480*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12c28480*, lpNumberOfCharsWritten=0x128317e0*=0x41) returned 1 [0100.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0100.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa364b620, ftCreationTime.dwHighDateTime=0x1d6fd91, ftLastAccessTime.dwLowDateTime=0x692ba780, ftLastAccessTime.dwHighDateTime=0x1d700dd, ftLastWriteTime.dwLowDateTime=0x692ba780, ftLastWriteTime.dwHighDateTime=0x1d700dd, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.306] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0100.306] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\*", lpFindFileData=0x12831a00 | out: lpFindFileData=0x12831a00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa364b620, ftCreationTime.dwHighDateTime=0x1d6fd91, ftLastAccessTime.dwLowDateTime=0x692ba780, ftLastAccessTime.dwHighDateTime=0x1d700dd, ftLastWriteTime.dwLowDateTime=0x692ba780, ftLastWriteTime.dwHighDateTime=0x1d700dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0100.306] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa364b620, ftCreationTime.dwHighDateTime=0x1d6fd91, ftLastAccessTime.dwLowDateTime=0x692ba780, ftLastAccessTime.dwHighDateTime=0x1d700dd, ftLastWriteTime.dwLowDateTime=0x692ba780, ftLastWriteTime.dwHighDateTime=0x1d700dd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.306] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda83c430, ftCreationTime.dwHighDateTime=0x1d70722, ftLastAccessTime.dwLowDateTime=0x76d614b0, ftLastAccessTime.dwHighDateTime=0x1d70989, ftLastWriteTime.dwLowDateTime=0x76d614b0, ftLastWriteTime.dwHighDateTime=0x1d70989, nFileSizeHigh=0x0, nFileSizeLow=0x16b2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="jtAx.avi", cAlternateFileName="")) returned 1 [0100.306] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f758a80, ftCreationTime.dwHighDateTime=0x1d704aa, ftLastAccessTime.dwLowDateTime=0x5f37f6b0, ftLastAccessTime.dwHighDateTime=0x1d70598, ftLastWriteTime.dwLowDateTime=0x5f37f6b0, ftLastWriteTime.dwHighDateTime=0x1d70598, nFileSizeHigh=0x0, nFileSizeLow=0x112f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="W6cGYh-ZpuhCp.flv", cAlternateFileName="W6CGYH~1.FLV")) returned 1 [0100.307] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x128319fc | out: lpFindFileData=0x128319fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.307] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0100.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\read_me_unlock.txt"), fInfoLevelId=0x0, lpFileInformation=0x12831a84 | out: lpFileInformation=0x12831a84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.307] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\read_me_unlock.txt"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffff [0100.307] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW/read_me_unlock.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\read_me_unlock.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.307] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12831c9c | out: lpMode=0x12831c9c) returned 0 [0100.307] GetFileType (hFile=0x274) returned 0x1 [0100.307] WriteFile (in: hFile=0x274, lpBuffer=0x3b71e0*, nNumberOfBytesToWrite=0x2b8, lpNumberOfBytesWritten=0x12831c8c, lpOverlapped=0x0 | out: lpBuffer=0x3b71e0*, lpNumberOfBytesWritten=0x12831c8c*=0x2b8, lpOverlapped=0x0) returned 1 [0100.308] CloseHandle (hObject=0x274) returned 1 [0100.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\W6cGYh-ZpuhCp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\w6cgyh-zpuhcp.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f758a80, ftCreationTime.dwHighDateTime=0x1d704aa, ftLastAccessTime.dwLowDateTime=0x5f37f6b0, ftLastAccessTime.dwHighDateTime=0x1d70598, ftLastWriteTime.dwLowDateTime=0x5f37f6b0, ftLastWriteTime.dwHighDateTime=0x1d70598, nFileSizeHigh=0x0, nFileSizeLow=0x112f9)) returned 1 [0100.309] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12882500*, nNumberOfCharsToWrite=0x3a, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x12882500*, lpNumberOfCharsWritten=0x128317e0*=0x3a) returned 1 [0100.350] SetEvent (hEvent=0x1d0) returned 1 [0100.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\p8tW\\jtAx.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\p8tw\\jtax.avi"), fInfoLevelId=0x0, lpFileInformation=0x12831ae4 | out: lpFileInformation=0x12831ae4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda83c430, ftCreationTime.dwHighDateTime=0x1d70722, ftLastAccessTime.dwLowDateTime=0x76d614b0, ftLastAccessTime.dwHighDateTime=0x1d70989, ftLastWriteTime.dwLowDateTime=0x76d614b0, ftLastWriteTime.dwHighDateTime=0x1d70989, nFileSizeHigh=0x0, nFileSizeLow=0x16b2f)) returned 1 [0100.350] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1283c5b0*, nNumberOfCharsToWrite=0x31, lpNumberOfCharsWritten=0x128317e0, lpReserved=0x0 | out: lpBuffer=0x1283c5b0*, lpNumberOfCharsWritten=0x128317e0*=0x31) returned 1 [0100.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\umjf5l kuu0k.flv"), fInfoLevelId=0x0, lpFileInformation=0x12831b4c | out: lpFileInformation=0x12831b4c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6b6400, ftCreationTime.dwHighDateTime=0x1d6fbe1, ftLastAccessTime.dwLowDateTime=0x9993e690, ftLastAccessTime.dwHighDateTime=0x1d6fede, ftLastWriteTime.dwLowDateTime=0x9993e690, ftLastWriteTime.dwHighDateTime=0x1d6fede, nFileSizeHigh=0x0, nFileSizeLow=0x1311b)) returned 1 [0100.376] VirtualAlloc (lpAddress=0x12c36000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c36000 [0100.377] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12c36000*, nNumberOfCharsToWrite=0x34, lpNumberOfCharsWritten=0x12831848, lpReserved=0x0 | out: lpBuffer=0x12c36000*, lpNumberOfCharsWritten=0x12831848*=0x34) returned 1 [0100.395] SetEvent (hEvent=0x260) returned 1 [0100.395] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.dat.LOG1" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x70000)) returned 1 [0100.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.dat.LOG2" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x76000)) returned 1 [0100.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831bb4 | out: lpFileInformation=0x12831bb4*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0100.398] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x12816a00*, nNumberOfCharsToWrite=0x24, lpNumberOfCharsWritten=0x128318b0, lpReserved=0x0 | out: lpBuffer=0x12816a00*, lpNumberOfCharsWritten=0x128318b0*=0x24) returned 1 [0100.422] SetEvent (hEvent=0x1e4) returned 1 [0100.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x12831c1c | out: lpFileInformation=0x12831c1c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3757c8c, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x973af366, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x973af366, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0100.422] GetFileAttributesExW (in: lpFileName="C:\\Windows" (normalized: "c:\\windows"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0100.422] CreateFileW (lpFileName="C:\\Windows" (normalized: "c:\\windows"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0100.423] FindFirstFileW (in: lpFileName="C:\\Windows\\*", lpFindFileData=0x12831b38 | out: lpFindFileData=0x12831b38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x9af820 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x383caa7, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x383caa7, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="addins", cAlternateFileName="")) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xdc4d01, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xdc4d01, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="appcompat", cAlternateFileName="APPCOM~1")) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd313219, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd313219, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppPatch", cAlternateFileName="")) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x22e61277, ftLastAccessTime.dwHighDateTime=0x1d70503, ftLastWriteTime.dwLowDateTime=0x22e61277, ftLastWriteTime.dwHighDateTime=0x1d70503, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppReadiness", cAlternateFileName="APPREA~1")) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9d1522, ftLastAccessTime.dwHighDateTime=0x1d705f0, ftLastWriteTime.dwLowDateTime=0x9d1522, ftLastWriteTime.dwHighDateTime=0x1d705f0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="assembly", cAlternateFileName="")) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3888f58, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3888f58, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcastdvr", cAlternateFileName="")) returned 1 [0100.423] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1425a437, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1425a437, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14280695, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf200, dwReserved0=0x0, dwReserved1=0x0, cFileName="bfsvc.exe", cAlternateFileName="")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x6ec87d0d, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6ecfa42d, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6ecfa42d, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BitLockerDiscoveryVolumeContents", cAlternateFileName="BITLOC~1")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xe111b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xe111b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0100.424] VirtualAlloc (lpAddress=0x12c46000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c46000 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x9012b7dc, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x9012b7dc, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x4bec724c, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x10800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootstat.dat", cAlternateFileName="")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe111b6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xe111b6, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xe111b6, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Branding", cAlternateFileName="")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x388963fa, ftCreationTime.dwHighDateTime=0x1d112e2, ftLastAccessTime.dwLowDateTime=0x77a1c398, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x77a1c398, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CbsTemp", cAlternateFileName="")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9a60a69, ftCreationTime.dwHighDateTime=0x1d70067, ftLastAccessTime.dwLowDateTime=0xd9a60a69, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xd9a60a69, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CSC", cAlternateFileName="")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe111b6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3b5dc04, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3b5dc04, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cursors", cAlternateFileName="")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe111b6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x87c914ec, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x87c914ec, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="debug", cAlternateFileName="")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xe111b6, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x3b5dc04, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x3b5dc04, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DesktopTileResources", cAlternateFileName="DESKTO~1")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xe37410, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9559687a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x9559687a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DevicesFlow", cAlternateFileName="DEVICE~1")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe37410, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xe37410, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xe37410, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="diagnostics", cAlternateFileName="DIAGNO~1")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd3f8070, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd3f8070, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd3f8070, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigitalLocker", cAlternateFileName="DIGITA~1")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xe5d667, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x4022730, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x4022730, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloaded Program Files", cAlternateFileName="DOWNLO~1")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37f054c7, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x37f054c7, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xbaa4d45e, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x6b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="DtcInstall.log", cAlternateFileName="DTCINS~1.LOG")) returned 1 [0100.424] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xe5d667, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x4022730, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x4022730, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ELAMBKUP", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd3f8070, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xbd41e2a2, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd41e2a2, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x220ad5e0, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x220ad5e0, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x220ad5e0, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x44b550, dwReserved0=0x0, dwReserved1=0x0, cFileName="explorer.exe", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x15, ftCreationTime.dwLowDateTime=0xe5d667, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x2bf387cd, ftLastAccessTime.dwHighDateTime=0x1d705ed, ftLastWriteTime.dwLowDateTime=0x2bf387cd, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5d667, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xe5d667, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xe5d667, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Globalization", cAlternateFileName="GLOBAL~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5d667, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd41e2a2, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd41e2a2, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x192f7b5f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x192f7b5f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x192f7b5f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xf2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="HelpPane.exe", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1883d233, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x1883d233, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x1883d233, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="hh.exe", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe838c5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xbd44450f, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd44450f, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xe838c5, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5eeea3fc, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5eeea3fc, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImmersiveControlPanel", cAlternateFileName="IMMERS~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa31f8be1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f8c0dca, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x667e5f3f, ftLastWriteTime.dwHighDateTime=0x1d705f0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="INF", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef5fd1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xef5fd1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xef5fd1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfusedApps", cAlternateFileName="INFUSE~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef5fd1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xef5fd1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xef5fd1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="InputMethod", cAlternateFileName="INPUTM~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xef5fd1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x63d4f3ad, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x63d4f3ad, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Installer", cAlternateFileName="INSTAL~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef5fd1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x4d1939a, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x4d1939a, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="L2Schemas", cAlternateFileName="L2SCHE~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef5fd1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xef5fd1, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xef5fd1, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LiveKernelReports", cAlternateFileName="LIVEKE~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8cf3e7ab, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x1a869a96, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x6449ebcb, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87e0eb86, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x87e0eb86, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x87e0eb86, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x540, dwReserved0=0x0, dwReserved1=0x0, cFileName="lsasetup.log", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x15, ftCreationTime.dwLowDateTime=0xef5fd1, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x4dfe1b9, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x4dfe1b9, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10293695, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x10293695, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x10293695, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xa87b, dwReserved0=0x0, dwReserved1=0x0, cFileName="mib.bin", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x824a005, ftLastAccessTime.dwHighDateTime=0x1d705f0, ftLastWriteTime.dwLowDateTime=0x824a005, ftLastWriteTime.dwHighDateTime=0x1d705f0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf686e4, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf686e4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf686e4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Migration", cAlternateFileName="MIGRAT~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf686e4, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x9f657f27, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x9f657f27, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MiracastView", cAlternateFileName="MIRACA~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf686e4, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf686e4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf686e4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ModemLogs", cAlternateFileName="MODEML~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x505b5aa3, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x505b5aa3, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x505b5aa3, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x3bc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="notepad.exe", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe139e089, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xe139e089, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xe139e089, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OCR", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf686e4, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x61f5c95, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x61f5c95, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Offline Web Pages", cAlternateFileName="OFFLIN~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7f8fa6db, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x4fa275ed, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x4fa4d76f, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Panther", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf686e4, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf686e4, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf686e4, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Performance", cAlternateFileName="PERFOR~1")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf686e4, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf8e937, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf8e937, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PLA", cAlternateFileName="")) returned 1 [0100.425] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6ee9dc43, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6ee9dc43, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PolicyDefinitions", cAlternateFileName="POLICY~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x938e66c3, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x6a0d22f0, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x6a0d22f0, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Prefetch", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xa039b1b2, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xa039b1b2, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrintDialog", cAlternateFileName="PRINTD~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96b1269a, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x96b1269a, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x3ac00f7d, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x7dc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Professional.xml", cAlternateFileName="PROFES~1.XML")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6300d36, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x6300d36, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Provisioning", cAlternateFileName="PROVIS~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xaaed1dd9, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xaaed1dd9, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PurchaseDialog", cAlternateFileName="PURCHA~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14eb873f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x14eb873f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x14eb873f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4e400, dwReserved0=0x0, dwReserved1=0x0, cFileName="regedit.exe", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x637340b, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x637340b, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Registration", cAlternateFileName="REGIST~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x45fab79b, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x45fab79b, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rescache", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf8e937, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf8e937, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xf8e937, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xf8e937, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SchCache", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8e937, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xfb4b8d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xfb4b8d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="schemas", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb4b8d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f04186d, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f04186d, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="security", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x506c8f22, ftCreationTime.dwHighDateTime=0x1d112f3, ftLastAccessTime.dwLowDateTime=0x88109cb8, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x88109cb8, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceProfiles", cAlternateFileName="SERVIC~2")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xbd54f5be, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xbd54f5be, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="servicing", cAlternateFileName="SERVIC~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50226d22, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x50226d22, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x50226d22, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8cb14070, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8cb14070, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8f64ac44, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0xf45, dwReserved0=0x0, dwReserved1=0x0, cFileName="setupact.log", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8cb14070, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8cb14070, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8cb14070, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setuperr.log", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f04186d, ftCreationTime.dwHighDateTime=0x1d112f2, ftLastAccessTime.dwLowDateTime=0x6f067ab4, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f067ab4, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellNew", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd13c1c8a, ftCreationTime.dwHighDateTime=0x1d112f1, ftLastAccessTime.dwLowDateTime=0xd13c1c8a, ftLastAccessTime.dwHighDateTime=0x1d112f1, ftLastWriteTime.dwLowDateTime=0xd13c1c8a, ftLastWriteTime.dwHighDateTime=0x1d112f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SKB", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x675574ee, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0xdfc2100c, ftLastAccessTime.dwHighDateTime=0x1d70067, ftLastWriteTime.dwLowDateTime=0xdfc2100c, ftLastWriteTime.dwHighDateTime=0x1d70067, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftwareDistribution", cAlternateFileName="SOFTWA~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb4b8d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xfb4b8d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xfb4b8d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb4b8d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xfb4b8d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xfb4b8d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech_OneCore", cAlternateFileName="SPEECH~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x213b6972, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x213b6972, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x213dcbcc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x0, dwReserved1=0x0, cFileName="splwow64.exe", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfb4b8d, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xfb4b8d, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xfb4b8d, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x383caa7, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97447ccc, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97447ccc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="system.ini", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x6688eacf, ftLastAccessTime.dwHighDateTime=0x1d705f0, ftLastWriteTime.dwLowDateTime=0x6688eacf, ftLastWriteTime.dwHighDateTime=0x1d705f0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x13e0d5f, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x6f95896c, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x6f95896c, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemApps", cAlternateFileName="SYSTEM~1")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14796bd, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x149f91c, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x149f91c, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemResources", cAlternateFileName="SYSTEM~2")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x35938b58, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xe0e516ca, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xe0e516ca, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysWOW64", cAlternateFileName="")) returned 1 [0100.426] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16b59ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x16b59ff, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x16b59ff, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TAPI", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16b59ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5f793717, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5f793717, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tasks", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16b59ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x51ac6a7b, ftLastAccessTime.dwHighDateTime=0x1d70a81, ftLastWriteTime.dwLowDateTime=0x51ac6a7b, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16b59ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x16b59ff, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x16b59ff, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tracing", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16b59ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd761812, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd761812, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="twain_32", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5139153c, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x5139153c, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x5139153c, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xec00, dwReserved0=0x0, dwReserved1=0x0, cFileName="twain_32.dll", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16b59ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x16b59ff, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0x16b59ff, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vss", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x16b59ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x706c1e39, ftLastAccessTime.dwHighDateTime=0x1d112f2, ftLastWriteTime.dwLowDateTime=0x706c1e39, ftLastWriteTime.dwHighDateTime=0x1d112f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x383caa7, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97447ccc, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97447ccc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="win.ini", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x252e4dc1, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x252e4dc1, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x252e4dc1, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x29e, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsShell.Manifest", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x675574ee, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x675574ee, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x46575067, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x113, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate.log", cAlternateFileName="WINDOW~1.LOG")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d082a6f, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x2d082a6f, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x2d082a6f, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="winhlp32.exe", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xea67facf, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xea67facf, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinSxS", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x342f36fd, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x342f36fd, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x342f36fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x4d4e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WMSysPr9.prx", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x245a1c9a, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x245a1c9a, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x245a1c9a, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="write.exe", cAlternateFileName="")) returned 1 [0100.427] FindNextFileW (in: hFindFile=0x9af820, lpFindFileData=0x12831b34 | out: lpFindFileData=0x12831b34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.430] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0100.430] GetFileAttributesExW (in: lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xe47a48a8, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x78ab5a49, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x61b64)) returned 1 [0100.458] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x128fc0f0*, nNumberOfCharsToWrite=0x12, lpNumberOfCharsWritten=0x12831980, lpReserved=0x0 | out: lpBuffer=0x128fc0f0*, lpNumberOfCharsWritten=0x12831980*=0x12) returned 1 [0100.511] SetEvent (hEvent=0x1a4) returned 1 [0100.511] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.512] FindFirstFileW (in: lpFileName="C:\\hiberfil.sys", lpFindFileData=0x128319f4 | out: lpFindFileData=0x128319f4*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x551dbbfd, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x551dbbfd, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0xaa715a5, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x332fe000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 0x9af820 [0100.512] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0100.512] GetFileAttributesExW (in: lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.512] FindFirstFileW (in: lpFileName="C:\\pagefile.sys", lpFindFileData=0x128319f4 | out: lpFindFileData=0x128319f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x85890a37, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x85890a37, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xb7ec065, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x48000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 0x9af820 [0100.512] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0100.512] GetFileAttributesExW (in: lpFileName="C:\\swapfile.sys" (normalized: "c:\\swapfile.sys"), fInfoLevelId=0x0, lpFileInformation=0x12831c84 | out: lpFileInformation=0x12831c84*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.512] FindFirstFileW (in: lpFileName="C:\\swapfile.sys", lpFindFileData=0x128319f4 | out: lpFindFileData=0x128319f4*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x858b6c65, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x858b6c65, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0xb8121ae, ftLastWriteTime.dwHighDateTime=0x1d70a81, nFileSizeHigh=0x0, nFileSizeLow=0x10000000, dwReserved0=0x0, dwReserved1=0x0, cFileName="swapfile.sys", cAlternateFileName="")) returned 0x9af820 [0100.512] FindClose (in: hFindFile=0x9af820 | out: hFindFile=0x9af820) returned 1 [0100.512] GetFileAttributesExW (in: lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), fInfoLevelId=0x0, lpFileInformation=0x12831c44 | out: lpFileInformation=0x12831c44*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xe47a48a8, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x78ab5a49, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x2feb42d5, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x61b64)) returned 1 [0100.513] GetFileAttributesW (lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr")) returned 0x27 [0100.513] SetFileAttributesW (lpFileName="C:\\bootmgr", dwFileAttributes=0x26) returned 0 [0100.513] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.521] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.624] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.672] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.703] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.768] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.805] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.808] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.847] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0100.918] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0101.085] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0101.136] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0101.229] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0101.323] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0101.372] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0101.472] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) returned 0x0 [0101.484] WaitForSingleObject (hHandle=0x278, dwMilliseconds=0xffffffff) Thread: id = 33 os_tid = 0x13a0 [0094.422] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3466ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3466ff28*=0x25c) returned 1 [0094.422] VirtualQuery (in: lpAddress=0x3466ff38, lpBuffer=0x3466ff38, dwLength=0x1c | out: lpBuffer=0x3466ff38*(BaseAddress=0x3466f000, AllocationBase=0x34570000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.422] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x260 [0094.422] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x264 [0094.422] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0094.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\p6jhl.avi"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0d9e60, ftCreationTime.dwHighDateTime=0x1d7094e, ftLastAccessTime.dwLowDateTime=0xe755dd30, ftLastAccessTime.dwHighDateTime=0x1d70a04, ftLastWriteTime.dwLowDateTime=0xe755dd30, ftLastWriteTime.dwHighDateTime=0x1d70a04, nFileSizeHigh=0x0, nFileSizeLow=0x1325c)) returned 1 [0094.523] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\p6jhl.avi")) returned 0x20 [0094.523] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi", dwFileAttributes=0x20) returned 1 [0094.523] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\p6jhl.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0094.523] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0x12917e88 | out: lpMode=0x12917e88) returned 0 [0094.523] GetFileType (hFile=0x164) returned 0x1 [0094.523] GetFileType (hFile=0x164) returned 0x1 [0094.523] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.523] ReadFile (in: hFile=0x164, lpBuffer=0x1290083c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12917d14, lpOverlapped=0x0 | out: lpBuffer=0x1290083c*, lpNumberOfBytesRead=0x12917d14*=0x4, lpOverlapped=0x0) returned 1 [0094.523] SystemFunction036 (in: RandomBuffer=0x12931608, RandomBufferLength=0x10 | out: RandomBuffer=0x12931608) returned 1 [0094.523] SystemFunction036 (in: RandomBuffer=0x12931618, RandomBufferLength=0x10 | out: RandomBuffer=0x12931618) returned 1 [0094.524] VirtualAlloc (lpAddress=0x12acc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12acc000 [0094.524] GetFileType (hFile=0x164) returned 0x1 [0094.524] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0094.524] ReadFile (in: hFile=0x164, lpBuffer=0x12acc000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12917e80, lpOverlapped=0x0 | out: lpBuffer=0x12acc000*, lpNumberOfBytesRead=0x12917e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.524] VirtualAlloc (lpAddress=0x12ad0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ad0000 [0094.525] GetFileType (hFile=0x164) returned 0x1 [0094.525] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0094.525] WriteFile (in: hFile=0x164, lpBuffer=0x12ad0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12917e78, lpOverlapped=0x0 | out: lpBuffer=0x12ad0000*, lpNumberOfBytesWritten=0x12917e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.525] GetFileType (hFile=0x164) returned 0x1 [0094.525] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0094.525] ReadFile (in: hFile=0x164, lpBuffer=0x12acc000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12917e80, lpOverlapped=0x0 | out: lpBuffer=0x12acc000*, lpNumberOfBytesRead=0x12917e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.525] VirtualAlloc (lpAddress=0x12ad4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ad4000 [0094.526] GetFileType (hFile=0x164) returned 0x1 [0094.526] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0094.526] WriteFile (in: hFile=0x164, lpBuffer=0x12ad4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12917e78, lpOverlapped=0x0 | out: lpBuffer=0x12ad4000*, lpNumberOfBytesWritten=0x12917e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.526] GetFileType (hFile=0x164) returned 0x1 [0094.526] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0094.526] VirtualAlloc (lpAddress=0x12ad8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ad8000 [0094.527] SystemFunction036 (in: RandomBuffer=0x12ad8001, RandomBufferLength=0x40 | out: RandomBuffer=0x12ad8001) returned 1 [0094.527] VirtualAlloc (lpAddress=0x12ada000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ada000 [0094.527] WriteFile (in: hFile=0x164, lpBuffer=0x12900898*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x12900898*, lpNumberOfBytesWritten=0x12917d88*=0x4, lpOverlapped=0x0) returned 1 [0094.527] WriteFile (in: hFile=0x164, lpBuffer=0x12ad8100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x12ad8100*, lpNumberOfBytesWritten=0x12917d88*=0x100, lpOverlapped=0x0) returned 1 [0094.527] CloseHandle (hObject=0x164) returned 1 [0094.675] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\p6jhl.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\p6jhl.avi.crypted"), dwFlags=0x1) returned 1 [0097.538] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\p6jHL.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\p6jhl.avi")) returned 0xffffffff [0097.538] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.576] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.596] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.618] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.627] SetEvent (hEvent=0x278) returned 1 [0097.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\95 5vc4ztmelbq.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c30f1f0, ftCreationTime.dwHighDateTime=0x1d7073d, ftLastAccessTime.dwLowDateTime=0x7a83d2f0, ftLastAccessTime.dwHighDateTime=0x1d708a3, ftLastWriteTime.dwLowDateTime=0x7a83d2f0, ftLastWriteTime.dwHighDateTime=0x1d708a3, nFileSizeHigh=0x0, nFileSizeLow=0xab11)) returned 1 [0097.627] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\95 5vc4ztmelbq.jpg")) returned 0x20 [0097.627] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg", dwFileAttributes=0x20) returned 1 [0097.627] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\95 5vc4ztmelbq.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.627] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0097.627] GetFileType (hFile=0x274) returned 0x1 [0097.627] GetFileType (hFile=0x274) returned 0x1 [0097.628] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.628] ReadFile (in: hFile=0x274, lpBuffer=0x12810420, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810420*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0097.628] SystemFunction036 (in: RandomBuffer=0x129a3158, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3158) returned 1 [0097.628] SystemFunction036 (in: RandomBuffer=0x129a3168, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3168) returned 1 [0097.628] GetFileType (hFile=0x274) returned 0x1 [0097.628] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.628] ReadFile (in: hFile=0x274, lpBuffer=0x129b2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x129b2000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.628] GetFileType (hFile=0x274) returned 0x1 [0097.628] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.628] WriteFile (in: hFile=0x274, lpBuffer=0x129b6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x129b6000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.629] GetFileType (hFile=0x274) returned 0x1 [0097.629] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.629] SystemFunction036 (in: RandomBuffer=0x1295ff01, RandomBufferLength=0x40 | out: RandomBuffer=0x1295ff01) returned 1 [0097.629] WriteFile (in: hFile=0x274, lpBuffer=0x1281047c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1281047c*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0097.629] WriteFile (in: hFile=0x274, lpBuffer=0x1299a000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299a000*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0097.629] CloseHandle (hObject=0x274) returned 1 [0097.634] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\95 5vc4ztmelbq.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\95 5vc4ztmelbq.jpg.crypted"), dwFlags=0x1) returned 1 [0097.635] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\95 5vc4ZtmelBq.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\95 5vc4ztmelbq.jpg")) returned 0xffffffff [0097.635] SetEvent (hEvent=0x1a4) returned 1 [0097.635] VirtualFree (lpAddress=0x12df0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.635] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.653] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.704] SetEvent (hEvent=0x278) returned 1 [0097.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ll6gyxem.png"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7027f60, ftCreationTime.dwHighDateTime=0x1d6ff50, ftLastAccessTime.dwLowDateTime=0xbc3d1110, ftLastAccessTime.dwHighDateTime=0x1d70520, ftLastWriteTime.dwLowDateTime=0xbc3d1110, ftLastWriteTime.dwHighDateTime=0x1d70520, nFileSizeHigh=0x0, nFileSizeLow=0x40cd)) returned 1 [0097.704] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ll6gyxem.png")) returned 0x20 [0097.704] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png", dwFileAttributes=0x20) returned 1 [0097.704] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ll6gyxem.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.704] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0097.704] GetFileType (hFile=0x274) returned 0x1 [0097.704] GetFileType (hFile=0x274) returned 0x1 [0097.704] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.704] ReadFile (in: hFile=0x274, lpBuffer=0x129004c4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x129004c4*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0097.705] SystemFunction036 (in: RandomBuffer=0x12817518, RandomBufferLength=0x10 | out: RandomBuffer=0x12817518) returned 1 [0097.705] SystemFunction036 (in: RandomBuffer=0x12817528, RandomBufferLength=0x10 | out: RandomBuffer=0x12817528) returned 1 [0097.705] GetFileType (hFile=0x274) returned 0x1 [0097.723] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.723] ReadFile (in: hFile=0x274, lpBuffer=0x12a08000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12a08000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.723] GetFileType (hFile=0x274) returned 0x1 [0097.723] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.723] WriteFile (in: hFile=0x274, lpBuffer=0x12a0c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12a0c000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.723] GetFileType (hFile=0x274) returned 0x1 [0097.723] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.724] SystemFunction036 (in: RandomBuffer=0x12a47801, RandomBufferLength=0x40 | out: RandomBuffer=0x12a47801) returned 1 [0097.724] WriteFile (in: hFile=0x274, lpBuffer=0x12900520*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12900520*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0097.724] WriteFile (in: hFile=0x274, lpBuffer=0x12a47900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12a47900*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0097.724] CloseHandle (hObject=0x274) returned 1 [0097.730] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ll6gyxem.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ll6gyxem.png.crypted"), dwFlags=0x1) returned 1 [0097.731] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LL6gyxEm.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ll6gyxem.png")) returned 0xffffffff [0097.731] VirtualFree (lpAddress=0x12dee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.731] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.840] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.868] SetEvent (hEvent=0x278) returned 1 [0097.868] SetEvent (hEvent=0x26c) returned 1 [0097.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\cpuhbf55vb.gif"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ad2b0, ftCreationTime.dwHighDateTime=0x1d708bb, ftLastAccessTime.dwLowDateTime=0x79922e40, ftLastAccessTime.dwHighDateTime=0x1d70917, ftLastWriteTime.dwLowDateTime=0x79922e40, ftLastWriteTime.dwHighDateTime=0x1d70917, nFileSizeHigh=0x0, nFileSizeLow=0x17be0)) returned 1 [0097.868] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\cpuhbf55vb.gif")) returned 0x20 [0097.869] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif", dwFileAttributes=0x20) returned 1 [0097.869] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\cpuhbf55vb.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.869] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0097.869] GetFileType (hFile=0x274) returned 0x1 [0097.869] GetFileType (hFile=0x274) returned 0x1 [0097.869] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.869] ReadFile (in: hFile=0x274, lpBuffer=0x1290058c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x1290058c*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0097.869] SystemFunction036 (in: RandomBuffer=0x12817798, RandomBufferLength=0x10 | out: RandomBuffer=0x12817798) returned 1 [0097.869] SystemFunction036 (in: RandomBuffer=0x128177a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128177a8) returned 1 [0097.869] GetFileType (hFile=0x274) returned 0x1 [0097.869] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.869] ReadFile (in: hFile=0x274, lpBuffer=0x12a84000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12a84000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.870] GetFileType (hFile=0x274) returned 0x1 [0097.870] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.870] WriteFile (in: hFile=0x274, lpBuffer=0x12a88000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12a88000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.870] GetFileType (hFile=0x274) returned 0x1 [0097.870] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.870] SystemFunction036 (in: RandomBuffer=0x12a47e01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a47e01) returned 1 [0097.870] WriteFile (in: hFile=0x274, lpBuffer=0x129005f8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x129005f8*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0097.871] WriteFile (in: hFile=0x274, lpBuffer=0x12a47f00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12a47f00*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0097.871] CloseHandle (hObject=0x274) returned 1 [0097.876] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\cpuhbf55vb.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\cpuhbf55vb.gif.crypted"), dwFlags=0x1) returned 1 [0097.877] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\cpuhbF55vB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\cpuhbf55vb.gif")) returned 0xffffffff [0097.877] VirtualFree (lpAddress=0x12dea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.877] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.971] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0097.986] SetEvent (hEvent=0x26c) returned 1 [0097.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\l8liaunwih5ecuf.gif"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf14af6e0, ftCreationTime.dwHighDateTime=0x1d70383, ftLastAccessTime.dwLowDateTime=0xcc4cc720, ftLastAccessTime.dwHighDateTime=0x1d70508, ftLastWriteTime.dwLowDateTime=0xcc4cc720, ftLastWriteTime.dwHighDateTime=0x1d70508, nFileSizeHigh=0x0, nFileSizeLow=0x88c7)) returned 1 [0097.986] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\l8liaunwih5ecuf.gif")) returned 0x20 [0097.986] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif", dwFileAttributes=0x20) returned 1 [0097.987] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\l8liaunwih5ecuf.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.987] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0097.987] GetFileType (hFile=0x274) returned 0x1 [0097.987] GetFileType (hFile=0x274) returned 0x1 [0097.987] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.987] ReadFile (in: hFile=0x274, lpBuffer=0x12810560, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810560*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0097.987] SystemFunction036 (in: RandomBuffer=0x129a3518, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3518) returned 1 [0097.987] SystemFunction036 (in: RandomBuffer=0x129a3528, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3528) returned 1 [0097.987] GetFileType (hFile=0x274) returned 0x1 [0097.987] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.987] ReadFile (in: hFile=0x274, lpBuffer=0x129d6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x129d6000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.987] GetFileType (hFile=0x274) returned 0x1 [0097.988] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.988] WriteFile (in: hFile=0x274, lpBuffer=0x129da000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x129da000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.988] GetFileType (hFile=0x274) returned 0x1 [0097.988] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0097.988] SystemFunction036 (in: RandomBuffer=0x1299a901, RandomBufferLength=0x40 | out: RandomBuffer=0x1299a901) returned 1 [0097.988] WriteFile (in: hFile=0x274, lpBuffer=0x128105bc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x128105bc*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0097.988] WriteFile (in: hFile=0x274, lpBuffer=0x1299aa00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1299aa00*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0097.988] CloseHandle (hObject=0x274) returned 1 [0097.990] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\l8liaunwih5ecuf.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\l8liaunwih5ecuf.gif.crypted"), dwFlags=0x1) returned 1 [0098.102] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\l8LiaunWih5ECuF.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\l8liaunwih5ecuf.gif")) returned 0xffffffff [0098.102] SetEvent (hEvent=0x278) returned 1 [0098.102] VirtualFree (lpAddress=0x12de6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.102] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0098.326] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0098.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vj5fe.png"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84a98180, ftCreationTime.dwHighDateTime=0x1d6fc9b, ftLastAccessTime.dwLowDateTime=0xefa29510, ftLastAccessTime.dwHighDateTime=0x1d708c8, ftLastWriteTime.dwLowDateTime=0xefa29510, ftLastWriteTime.dwHighDateTime=0x1d708c8, nFileSizeHigh=0x0, nFileSizeLow=0x122b3)) returned 1 [0098.352] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vj5fe.png")) returned 0x20 [0098.352] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png", dwFileAttributes=0x20) returned 1 [0098.352] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vj5fe.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0098.353] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0098.353] GetFileType (hFile=0x274) returned 0x1 [0098.353] GetFileType (hFile=0x274) returned 0x1 [0098.353] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0098.353] ReadFile (in: hFile=0x274, lpBuffer=0x1288a42c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a42c*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0098.353] SystemFunction036 (in: RandomBuffer=0x12930ca8, RandomBufferLength=0x10 | out: RandomBuffer=0x12930ca8) returned 1 [0098.353] SystemFunction036 (in: RandomBuffer=0x12930cb8, RandomBufferLength=0x10 | out: RandomBuffer=0x12930cb8) returned 1 [0098.353] GetFileType (hFile=0x274) returned 0x1 [0098.353] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.353] ReadFile (in: hFile=0x274, lpBuffer=0x12ab0000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12ab0000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0098.353] GetFileType (hFile=0x274) returned 0x1 [0098.353] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.353] WriteFile (in: hFile=0x274, lpBuffer=0x12ab4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12ab4000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0098.354] GetFileType (hFile=0x274) returned 0x1 [0098.354] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0098.355] SystemFunction036 (in: RandomBuffer=0x12bc7c01, RandomBufferLength=0x40 | out: RandomBuffer=0x12bc7c01) returned 1 [0098.355] WriteFile (in: hFile=0x274, lpBuffer=0x1288a488*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a488*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0098.355] WriteFile (in: hFile=0x274, lpBuffer=0x12bc7d00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12bc7d00*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0098.355] CloseHandle (hObject=0x274) returned 1 [0098.358] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vj5fe.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vj5fe.png.crypted"), dwFlags=0x1) returned 1 [0098.358] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vJ5FE.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vj5fe.png")) returned 0xffffffff [0098.358] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.020] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ymoqymw.png"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8466d340, ftCreationTime.dwHighDateTime=0x1d70a7d, ftLastAccessTime.dwLowDateTime=0x440a8230, ftLastAccessTime.dwHighDateTime=0x1d70a80, ftLastWriteTime.dwLowDateTime=0x440a8230, ftLastWriteTime.dwHighDateTime=0x1d70a80, nFileSizeHigh=0x0, nFileSizeLow=0x2997)) returned 1 [0099.020] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ymoqymw.png")) returned 0x20 [0099.020] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png", dwFileAttributes=0x20) returned 1 [0099.020] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ymoqymw.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.020] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.020] GetFileType (hFile=0x274) returned 0x1 [0099.021] GetFileType (hFile=0x274) returned 0x1 [0099.021] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.021] ReadFile (in: hFile=0x274, lpBuffer=0x1298e43c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e43c*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.021] SystemFunction036 (in: RandomBuffer=0x128cd068, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd068) returned 1 [0099.021] SystemFunction036 (in: RandomBuffer=0x128cd078, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd078) returned 1 [0099.021] GetFileType (hFile=0x274) returned 0x1 [0099.021] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.021] ReadFile (in: hFile=0x274, lpBuffer=0x12954000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12954000*, lpNumberOfBytesRead=0x12915e80*=0x2997, lpOverlapped=0x0) returned 1 [0099.021] GetFileType (hFile=0x274) returned 0x1 [0099.021] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.021] WriteFile (in: hFile=0x274, lpBuffer=0x12962000*, nNumberOfBytesToWrite=0x29a0, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12962000*, lpNumberOfBytesWritten=0x12915e78*=0x29a0, lpOverlapped=0x0) returned 1 [0099.021] GetFileType (hFile=0x274) returned 0x1 [0099.021] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.022] SystemFunction036 (in: RandomBuffer=0x1294a501, RandomBufferLength=0x40 | out: RandomBuffer=0x1294a501) returned 1 [0099.022] WriteFile (in: hFile=0x274, lpBuffer=0x1298e498*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e498*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.022] WriteFile (in: hFile=0x274, lpBuffer=0x1294a600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294a600*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.022] CloseHandle (hObject=0x274) returned 1 [0099.023] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ymoqymw.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ymoqymw.png.crypted"), dwFlags=0x1) returned 1 [0099.037] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ymOQymw.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ymoqymw.png")) returned 0xffffffff [0099.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\PrintHood" (normalized: "c:\\users\\rdhj0cnfevzx\\printhood"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\PrintHood" (normalized: "c:\\users\\rdhj0cnfevzx\\printhood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x274 [0099.038] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12915bd0 | out: lpFileInformation=0x12915bd0) returned 1 [0099.038] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12915bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12915bc8) returned 1 [0099.038] CloseHandle (hObject=0x274) returned 1 [0099.038] SetEvent (hEvent=0x1a4) returned 1 [0099.038] VirtualFree (lpAddress=0x12dda000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.038] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.136] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.184] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.206] SetEvent (hEvent=0x1d0) returned 1 [0099.206] SetEvent (hEvent=0x278) returned 1 [0099.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Start Menu" (normalized: "c:\\users\\rdhj0cnfevzx\\start menu"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.212] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Start Menu" (normalized: "c:\\users\\rdhj0cnfevzx\\start menu"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x274 [0099.213] GetFileInformationByHandle (in: hFile=0x274, lpFileInformation=0x12915bd0 | out: lpFileInformation=0x12915bd0) returned 1 [0099.213] GetFileInformationByHandleEx (in: hFile=0x274, FileInformationClass=0x9, lpFileInformation=0x12915bc8, dwBufferSize=0x8 | out: lpFileInformation=0x12915bc8) returned 1 [0099.213] CloseHandle (hObject=0x274) returned 1 [0099.214] VirtualFree (lpAddress=0x12dd6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.214] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.294] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.330] SetEvent (hEvent=0x278) returned 1 [0099.330] SetEvent (hEvent=0x1d0) returned 1 [0099.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\-ptde674kqh5lvu.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdd3e480, ftCreationTime.dwHighDateTime=0x1d709b7, ftLastAccessTime.dwLowDateTime=0xbc36f560, ftLastAccessTime.dwHighDateTime=0x1d709e8, ftLastWriteTime.dwLowDateTime=0xbc36f560, ftLastWriteTime.dwHighDateTime=0x1d709e8, nFileSizeHigh=0x0, nFileSizeLow=0xaf8c)) returned 1 [0099.331] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\-ptde674kqh5lvu.mp4")) returned 0x20 [0099.331] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4", dwFileAttributes=0x20) returned 1 [0099.331] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\-ptde674kqh5lvu.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.331] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.331] GetFileType (hFile=0x274) returned 0x1 [0099.331] GetFileType (hFile=0x274) returned 0x1 [0099.331] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.331] ReadFile (in: hFile=0x274, lpBuffer=0x1298e4fc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e4fc*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.331] SystemFunction036 (in: RandomBuffer=0x128cd518, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd518) returned 1 [0099.332] SystemFunction036 (in: RandomBuffer=0x128cd528, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd528) returned 1 [0099.332] GetFileType (hFile=0x274) returned 0x1 [0099.332] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.332] ReadFile (in: hFile=0x274, lpBuffer=0x12976000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12976000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.332] GetFileType (hFile=0x274) returned 0x1 [0099.332] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.332] WriteFile (in: hFile=0x274, lpBuffer=0x1297a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x1297a000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.332] GetFileType (hFile=0x274) returned 0x1 [0099.332] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.332] SystemFunction036 (in: RandomBuffer=0x1294ac01, RandomBufferLength=0x40 | out: RandomBuffer=0x1294ac01) returned 1 [0099.333] WriteFile (in: hFile=0x274, lpBuffer=0x1298e558*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e558*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.333] WriteFile (in: hFile=0x274, lpBuffer=0x1294ad00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294ad00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.333] CloseHandle (hObject=0x274) returned 1 [0099.338] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\-ptde674kqh5lvu.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\-ptde674kqh5lvu.mp4.crypted"), dwFlags=0x1) returned 1 [0099.338] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\-PtDE674Kqh5Lvu.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\-ptde674kqh5lvu.mp4")) returned 0xffffffff [0099.338] VirtualFree (lpAddress=0x12dd0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.339] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.413] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.425] SetEvent (hEvent=0x278) returned 1 [0099.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\cx6ygt.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fc45690, ftCreationTime.dwHighDateTime=0x1d70423, ftLastAccessTime.dwLowDateTime=0xb8f76f00, ftLastAccessTime.dwHighDateTime=0x1d705fc, ftLastWriteTime.dwLowDateTime=0xb8f76f00, ftLastWriteTime.dwHighDateTime=0x1d705fc, nFileSizeHigh=0x0, nFileSizeLow=0x2e91)) returned 1 [0099.425] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\cx6ygt.mkv")) returned 0x20 [0099.425] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv", dwFileAttributes=0x20) returned 1 [0099.425] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\cx6ygt.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.425] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0099.425] GetFileType (hFile=0x274) returned 0x1 [0099.425] GetFileType (hFile=0x274) returned 0x1 [0099.425] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.426] ReadFile (in: hFile=0x274, lpBuffer=0x1298e5c4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e5c4*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0099.426] SystemFunction036 (in: RandomBuffer=0x128cdba8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdba8) returned 1 [0099.426] SystemFunction036 (in: RandomBuffer=0x128cdbb8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cdbb8) returned 1 [0099.426] GetFileType (hFile=0x274) returned 0x1 [0099.426] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.426] ReadFile (in: hFile=0x274, lpBuffer=0x12b98000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b98000*, lpNumberOfBytesRead=0x12915e80*=0x2e91, lpOverlapped=0x0) returned 1 [0099.426] GetFileType (hFile=0x274) returned 0x1 [0099.426] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.426] WriteFile (in: hFile=0x274, lpBuffer=0x12b9c000*, nNumberOfBytesToWrite=0x2ea0, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12b9c000*, lpNumberOfBytesWritten=0x12915e78*=0x2ea0, lpOverlapped=0x0) returned 1 [0099.427] GetFileType (hFile=0x274) returned 0x1 [0099.427] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0099.427] SystemFunction036 (in: RandomBuffer=0x1294b201, RandomBufferLength=0x40 | out: RandomBuffer=0x1294b201) returned 1 [0099.427] WriteFile (in: hFile=0x274, lpBuffer=0x1298e620*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e620*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0099.427] WriteFile (in: hFile=0x274, lpBuffer=0x1294b300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1294b300*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0099.427] CloseHandle (hObject=0x274) returned 1 [0099.428] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\cx6ygt.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\cx6ygt.mkv.crypted"), dwFlags=0x1) returned 1 [0099.429] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Bo6xMhJa7YQNZtA07\\cX6yGT.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\bo6xmhja7yqnzta07\\cx6ygt.mkv")) returned 0xffffffff [0099.429] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.493] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.550] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.573] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0099.612] SetEvent (hEvent=0x278) returned 1 [0099.612] SetEvent (hEvent=0x26c) returned 1 [0099.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\swgyoz.swf"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28a27e00, ftCreationTime.dwHighDateTime=0x1d6ff07, ftLastAccessTime.dwLowDateTime=0x541a18d0, ftLastAccessTime.dwHighDateTime=0x1d70273, ftLastWriteTime.dwLowDateTime=0x541a18d0, ftLastWriteTime.dwHighDateTime=0x1d70273, nFileSizeHigh=0x0, nFileSizeLow=0x78f3)) returned 1 [0099.612] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\swgyoz.swf")) returned 0x20 [0099.612] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf", dwFileAttributes=0x20) returned 1 [0099.613] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\swgyoz.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.613] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0099.613] GetFileType (hFile=0x274) returned 0x1 [0099.613] GetFileType (hFile=0x274) returned 0x1 [0099.613] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.613] ReadFile (in: hFile=0x274, lpBuffer=0x129008a8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x129008a8*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0099.613] SystemFunction036 (in: RandomBuffer=0x1287e9d8, RandomBufferLength=0x10 | out: RandomBuffer=0x1287e9d8) returned 1 [0099.613] SystemFunction036 (in: RandomBuffer=0x1287e9e8, RandomBufferLength=0x10 | out: RandomBuffer=0x1287e9e8) returned 1 [0099.613] GetFileType (hFile=0x274) returned 0x1 [0099.613] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.613] ReadFile (in: hFile=0x274, lpBuffer=0x12c16000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12c16000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.614] GetFileType (hFile=0x274) returned 0x1 [0099.614] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.614] WriteFile (in: hFile=0x274, lpBuffer=0x12c1a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12c1a000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.614] GetFileType (hFile=0x274) returned 0x1 [0099.614] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0099.615] SystemFunction036 (in: RandomBuffer=0x1286b401, RandomBufferLength=0x40 | out: RandomBuffer=0x1286b401) returned 1 [0099.615] WriteFile (in: hFile=0x274, lpBuffer=0x12900904*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12900904*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0099.615] WriteFile (in: hFile=0x274, lpBuffer=0x1286b500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x1286b500*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0099.615] CloseHandle (hObject=0x274) returned 1 [0099.618] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\swgyoz.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\swgyoz.swf.crypted"), dwFlags=0x1) returned 1 [0099.619] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\99IeKDH3aKF\\sWGYoz.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\99iekdh3akf\\swgyoz.swf")) returned 0xffffffff [0099.619] VirtualFree (lpAddress=0x12dc6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.620] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.052] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.098] SetEvent (hEvent=0x1a4) returned 1 [0100.098] SetEvent (hEvent=0x26c) returned 1 [0100.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\76tosw6xwoy.flv"), fInfoLevelId=0x0, lpFileInformation=0x128cfc44 | out: lpFileInformation=0x128cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf15ad3b0, ftCreationTime.dwHighDateTime=0x1d6fae3, ftLastAccessTime.dwLowDateTime=0x89a43a20, ftLastAccessTime.dwHighDateTime=0x1d70a03, ftLastWriteTime.dwLowDateTime=0x89a43a20, ftLastWriteTime.dwHighDateTime=0x1d70a03, nFileSizeHigh=0x0, nFileSizeLow=0x10b5c)) returned 1 [0100.099] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\76tosw6xwoy.flv")) returned 0x20 [0100.099] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv", dwFileAttributes=0x20) returned 1 [0100.099] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\76tosw6xwoy.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.099] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x128cfe88 | out: lpMode=0x128cfe88) returned 0 [0100.099] GetFileType (hFile=0x274) returned 0x1 [0100.100] GetFileType (hFile=0x274) returned 0x1 [0100.100] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.100] ReadFile (in: hFile=0x274, lpBuffer=0x12810064, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x128cfd14, lpOverlapped=0x0 | out: lpBuffer=0x12810064*, lpNumberOfBytesRead=0x128cfd14*=0x4, lpOverlapped=0x0) returned 1 [0100.100] SystemFunction036 (in: RandomBuffer=0x129fe2a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe2a8) returned 1 [0100.100] SystemFunction036 (in: RandomBuffer=0x129fe2b8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe2b8) returned 1 [0100.100] GetFileType (hFile=0x274) returned 0x1 [0100.100] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.100] ReadFile (in: hFile=0x274, lpBuffer=0x128b6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x128cfe80, lpOverlapped=0x0 | out: lpBuffer=0x128b6000*, lpNumberOfBytesRead=0x128cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0100.101] GetFileType (hFile=0x274) returned 0x1 [0100.101] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.101] WriteFile (in: hFile=0x274, lpBuffer=0x128d6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x128cfe78, lpOverlapped=0x0 | out: lpBuffer=0x128d6000*, lpNumberOfBytesWritten=0x128cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0100.101] GetFileType (hFile=0x274) returned 0x1 [0100.101] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.101] SystemFunction036 (in: RandomBuffer=0x128b0001, RandomBufferLength=0x40 | out: RandomBuffer=0x128b0001) returned 1 [0100.102] WriteFile (in: hFile=0x274, lpBuffer=0x128100c0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128100c0*, lpNumberOfBytesWritten=0x128cfd88*=0x4, lpOverlapped=0x0) returned 1 [0100.102] WriteFile (in: hFile=0x274, lpBuffer=0x128b0100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128b0100*, lpNumberOfBytesWritten=0x128cfd88*=0x100, lpOverlapped=0x0) returned 1 [0100.102] CloseHandle (hObject=0x274) returned 1 [0100.109] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\76tosw6xwoy.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\76tosw6xwoy.flv.crypted"), dwFlags=0x1) returned 1 [0100.110] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\76tOSW6xWOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\76tosw6xwoy.flv")) returned 0xffffffff [0100.110] VirtualFree (lpAddress=0x12db6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.111] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.199] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.210] SetEvent (hEvent=0x1a4) returned 1 [0100.210] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\mf gnoel8qbz.mkv"), fInfoLevelId=0x0, lpFileInformation=0x128cfc44 | out: lpFileInformation=0x128cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eeea1c0, ftCreationTime.dwHighDateTime=0x1d6fc82, ftLastAccessTime.dwLowDateTime=0x3a5da350, ftLastAccessTime.dwHighDateTime=0x1d6feb1, ftLastWriteTime.dwLowDateTime=0x3a5da350, ftLastWriteTime.dwHighDateTime=0x1d6feb1, nFileSizeHigh=0x0, nFileSizeLow=0x27fb)) returned 1 [0100.210] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\mf gnoel8qbz.mkv")) returned 0x20 [0100.210] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv", dwFileAttributes=0x20) returned 1 [0100.210] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\mf gnoel8qbz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.211] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x128cfe88 | out: lpMode=0x128cfe88) returned 0 [0100.211] GetFileType (hFile=0x274) returned 0x1 [0100.211] GetFileType (hFile=0x274) returned 0x1 [0100.211] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.211] ReadFile (in: hFile=0x274, lpBuffer=0x1281028c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x128cfd14, lpOverlapped=0x0 | out: lpBuffer=0x1281028c*, lpNumberOfBytesRead=0x128cfd14*=0x4, lpOverlapped=0x0) returned 1 [0100.211] SystemFunction036 (in: RandomBuffer=0x129fe6b8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe6b8) returned 1 [0100.211] SystemFunction036 (in: RandomBuffer=0x129fe6c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe6c8) returned 1 [0100.211] GetFileType (hFile=0x274) returned 0x1 [0100.211] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.211] ReadFile (in: hFile=0x274, lpBuffer=0x128ec000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x128cfe80, lpOverlapped=0x0 | out: lpBuffer=0x128ec000*, lpNumberOfBytesRead=0x128cfe80*=0x27fb, lpOverlapped=0x0) returned 1 [0100.211] GetFileType (hFile=0x274) returned 0x1 [0100.211] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.211] WriteFile (in: hFile=0x274, lpBuffer=0x128f0000*, nNumberOfBytesToWrite=0x2800, lpNumberOfBytesWritten=0x128cfe78, lpOverlapped=0x0 | out: lpBuffer=0x128f0000*, lpNumberOfBytesWritten=0x128cfe78*=0x2800, lpOverlapped=0x0) returned 1 [0100.212] GetFileType (hFile=0x274) returned 0x1 [0100.212] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.212] SystemFunction036 (in: RandomBuffer=0x128b0901, RandomBufferLength=0x40 | out: RandomBuffer=0x128b0901) returned 1 [0100.212] WriteFile (in: hFile=0x274, lpBuffer=0x128102e8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128102e8*, lpNumberOfBytesWritten=0x128cfd88*=0x4, lpOverlapped=0x0) returned 1 [0100.212] WriteFile (in: hFile=0x274, lpBuffer=0x128b0a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128b0a00*, lpNumberOfBytesWritten=0x128cfd88*=0x100, lpOverlapped=0x0) returned 1 [0100.212] CloseHandle (hObject=0x274) returned 1 [0100.216] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\mf gnoel8qbz.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\mf gnoel8qbz.mkv.crypted"), dwFlags=0x1) returned 1 [0100.217] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\MF gNOEL8QBz.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\mf gnoel8qbz.mkv")) returned 0xffffffff [0100.217] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.278] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\nbebllr.avi"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7b25d00, ftCreationTime.dwHighDateTime=0x1d707b1, ftLastAccessTime.dwLowDateTime=0x3c0499d0, ftLastAccessTime.dwHighDateTime=0x1d707f7, ftLastWriteTime.dwLowDateTime=0x3c0499d0, ftLastWriteTime.dwHighDateTime=0x1d707f7, nFileSizeHigh=0x0, nFileSizeLow=0xaa6c)) returned 1 [0100.339] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\nbebllr.avi")) returned 0x20 [0100.339] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi", dwFileAttributes=0x20) returned 1 [0100.339] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\nbebllr.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.339] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0100.339] GetFileType (hFile=0x274) returned 0x1 [0100.340] GetFileType (hFile=0x274) returned 0x1 [0100.340] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.340] ReadFile (in: hFile=0x274, lpBuffer=0x1298e0dc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e0dc*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0100.340] SystemFunction036 (in: RandomBuffer=0x12816758, RandomBufferLength=0x10 | out: RandomBuffer=0x12816758) returned 1 [0100.340] SystemFunction036 (in: RandomBuffer=0x12816768, RandomBufferLength=0x10 | out: RandomBuffer=0x12816768) returned 1 [0100.340] GetFileType (hFile=0x274) returned 0x1 [0100.340] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0100.340] ReadFile (in: hFile=0x274, lpBuffer=0x12c32000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12c32000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.340] VirtualAlloc (lpAddress=0x12c42000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c42000 [0100.341] GetFileType (hFile=0x274) returned 0x1 [0100.341] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0100.341] WriteFile (in: hFile=0x274, lpBuffer=0x12c42000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12c42000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.341] GetFileType (hFile=0x274) returned 0x1 [0100.341] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0100.341] SystemFunction036 (in: RandomBuffer=0x12c90501, RandomBufferLength=0x40 | out: RandomBuffer=0x12c90501) returned 1 [0100.342] WriteFile (in: hFile=0x274, lpBuffer=0x1298e138*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e138*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0100.342] WriteFile (in: hFile=0x274, lpBuffer=0x12c90600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12c90600*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0100.342] CloseHandle (hObject=0x274) returned 1 [0100.348] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\nbebllr.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\nbebllr.avi.crypted"), dwFlags=0x1) returned 1 [0100.349] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\nbeBLlR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\nbebllr.avi")) returned 0xffffffff [0100.349] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.395] WaitForSingleObject (hHandle=0x260, dwMilliseconds=0xffffffff) returned 0x0 [0100.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\umjf5l kuu0k.flv"), fInfoLevelId=0x0, lpFileInformation=0x128cfc44 | out: lpFileInformation=0x128cfc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6b6400, ftCreationTime.dwHighDateTime=0x1d6fbe1, ftLastAccessTime.dwLowDateTime=0x9993e690, ftLastAccessTime.dwHighDateTime=0x1d6fede, ftLastWriteTime.dwLowDateTime=0x9993e690, ftLastWriteTime.dwHighDateTime=0x1d6fede, nFileSizeHigh=0x0, nFileSizeLow=0x1311b)) returned 1 [0100.415] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\umjf5l kuu0k.flv")) returned 0x20 [0100.415] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv", dwFileAttributes=0x20) returned 1 [0100.416] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\umjf5l kuu0k.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0100.416] GetConsoleMode (in: hConsoleHandle=0x300, lpMode=0x128cfe88 | out: lpMode=0x128cfe88) returned 0 [0100.416] GetFileType (hFile=0x300) returned 0x1 [0100.416] GetFileType (hFile=0x300) returned 0x1 [0100.416] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.416] ReadFile (in: hFile=0x300, lpBuffer=0x128102f0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x128cfd14, lpOverlapped=0x0 | out: lpBuffer=0x128102f0*, lpNumberOfBytesRead=0x128cfd14*=0x4, lpOverlapped=0x0) returned 1 [0100.416] SystemFunction036 (in: RandomBuffer=0x129fe898, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe898) returned 1 [0100.416] SystemFunction036 (in: RandomBuffer=0x129fe8a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe8a8) returned 1 [0100.417] GetFileType (hFile=0x300) returned 0x1 [0100.417] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.417] ReadFile (in: hFile=0x300, lpBuffer=0x12984000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x128cfe80, lpOverlapped=0x0 | out: lpBuffer=0x12984000*, lpNumberOfBytesRead=0x128cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0100.417] GetFileType (hFile=0x300) returned 0x1 [0100.417] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.417] WriteFile (in: hFile=0x300, lpBuffer=0x1298a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x128cfe78, lpOverlapped=0x0 | out: lpBuffer=0x1298a000*, lpNumberOfBytesWritten=0x128cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0100.417] GetFileType (hFile=0x300) returned 0x1 [0100.417] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.417] ReadFile (in: hFile=0x300, lpBuffer=0x12984000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x128cfe80, lpOverlapped=0x0 | out: lpBuffer=0x12984000*, lpNumberOfBytesRead=0x128cfe80*=0x4000, lpOverlapped=0x0) returned 1 [0100.418] GetFileType (hFile=0x300) returned 0x1 [0100.418] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.418] WriteFile (in: hFile=0x300, lpBuffer=0x12992000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x128cfe78, lpOverlapped=0x0 | out: lpBuffer=0x12992000*, lpNumberOfBytesWritten=0x128cfe78*=0x4000, lpOverlapped=0x0) returned 1 [0100.418] GetFileType (hFile=0x300) returned 0x1 [0100.418] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x128cfe9c | out: lpNewFilePointer=0x0) returned 1 [0100.418] SystemFunction036 (in: RandomBuffer=0x128b0e01, RandomBufferLength=0x40 | out: RandomBuffer=0x128b0e01) returned 1 [0100.418] WriteFile (in: hFile=0x300, lpBuffer=0x1281034c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x1281034c*, lpNumberOfBytesWritten=0x128cfd88*=0x4, lpOverlapped=0x0) returned 1 [0100.419] WriteFile (in: hFile=0x300, lpBuffer=0x128b0f00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x128cfd88, lpOverlapped=0x0 | out: lpBuffer=0x128b0f00*, lpNumberOfBytesWritten=0x128cfd88*=0x100, lpOverlapped=0x0) returned 1 [0100.419] CloseHandle (hObject=0x300) returned 1 [0100.421] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\umjf5l kuu0k.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\umjf5l kuu0k.flv.crypted"), dwFlags=0x1) returned 1 [0100.422] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\umJF5l KUU0k.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\umjf5l kuu0k.flv")) returned 0xffffffff [0100.422] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa04, ulCount=0x10, ulNumEntriesRemoved=0x3466f9ec, dwMilliseconds=0xe, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa04, ulNumEntriesRemoved=0x3466f9ec) returned 0 [0100.449] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa04, ulCount=0x10, ulNumEntriesRemoved=0x3466f9ec, dwMilliseconds=0x2a, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa04, ulNumEntriesRemoved=0x3466f9ec) returned 0 [0100.517] SetEvent (hEvent=0x278) returned 1 [0100.517] VirtualFree (lpAddress=0x12daa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.517] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x29, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.622] SetEvent (hEvent=0x278) returned 1 [0100.622] SetEvent (hEvent=0x1a4) returned 1 [0100.622] VirtualFree (lpAddress=0x12da8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.622] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x21, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.670] SetEvent (hEvent=0x1a4) returned 1 [0100.670] SetEvent (hEvent=0x278) returned 1 [0100.670] VirtualFree (lpAddress=0x12da6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.671] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.672] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.702] SetEvent (hEvent=0x278) returned 1 [0100.702] SetEvent (hEvent=0x1a4) returned 1 [0100.702] VirtualFree (lpAddress=0x12da4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.702] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x20, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.766] SetEvent (hEvent=0x1a4) returned 1 [0100.766] SetEvent (hEvent=0x278) returned 1 [0100.766] VirtualFree (lpAddress=0x12da2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.767] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.772] SetEvent (hEvent=0x278) returned 1 [0100.772] SetEvent (hEvent=0x1a4) returned 1 [0100.772] VirtualFree (lpAddress=0x12da0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.772] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.806] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0xf, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.827] SetEvent (hEvent=0x26c) returned 1 [0100.827] SetEvent (hEvent=0x278) returned 1 [0100.827] VirtualFree (lpAddress=0x12d9c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.827] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x40, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0100.915] SetEvent (hEvent=0x278) returned 1 [0100.915] SetEvent (hEvent=0x26c) returned 1 [0100.915] VirtualFree (lpAddress=0x12d9a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.916] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x39, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0101.082] SetEvent (hEvent=0x26c) returned 1 [0101.082] SetEvent (hEvent=0x278) returned 1 [0101.083] VirtualFree (lpAddress=0x12d98000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.083] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x2d, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0101.132] SetEvent (hEvent=0x278) returned 1 [0101.132] SetEvent (hEvent=0x26c) returned 1 [0101.132] VirtualFree (lpAddress=0x12d96000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.132] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x37, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0101.225] SetEvent (hEvent=0x26c) returned 1 [0101.225] SetEvent (hEvent=0x278) returned 1 [0101.225] VirtualFree (lpAddress=0x12d94000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.226] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x31, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0101.280] SetEvent (hEvent=0x278) returned 1 [0101.280] SetEvent (hEvent=0x26c) returned 1 [0101.280] VirtualFree (lpAddress=0x12d92000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.280] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x39, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0101.370] SetEvent (hEvent=0x26c) returned 1 [0101.370] SetEvent (hEvent=0x278) returned 1 [0101.370] VirtualFree (lpAddress=0x12d90000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.371] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x39, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0101.449] SetEvent (hEvent=0x278) returned 1 [0101.449] SetEvent (hEvent=0x26c) returned 1 [0101.449] VirtualFree (lpAddress=0x12d8e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.449] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x1, fAlertable=0 | out: lpCompletionPortEntries=0x3466fa24, ulNumEntriesRemoved=0x3466fa0c) returned 0 [0101.481] VirtualFree (lpAddress=0x12d8c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.482] GetQueuedCompletionStatusEx (CompletionPort=0x138, lpCompletionPortEntries=0x3466fa24, ulCount=0x10, ulNumEntriesRemoved=0x3466fa0c, dwMilliseconds=0x17, fAlertable=0) Thread: id = 34 os_tid = 0x108c [0094.425] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x347aff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x347aff28*=0x268) returned 1 [0094.425] VirtualQuery (in: lpAddress=0x347aff38, lpBuffer=0x347aff38, dwLength=0x1c | out: lpBuffer=0x347aff38*(BaseAddress=0x347af000, AllocationBase=0x346b0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.425] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x26c [0094.425] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270 [0094.425] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0094.499] SetEvent (hEvent=0x260) returned 1 [0094.499] VirtualAlloc (lpAddress=0x12a4c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a4c000 [0094.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ilqbrpcatx7-wj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12a51c44 | out: lpFileInformation=0x12a51c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f15c50, ftCreationTime.dwHighDateTime=0x1d70a7f, ftLastAccessTime.dwLowDateTime=0x9e188390, ftLastAccessTime.dwHighDateTime=0x1d70a7f, ftLastWriteTime.dwLowDateTime=0x9e188390, ftLastWriteTime.dwHighDateTime=0x1d70a7f, nFileSizeHigh=0x0, nFileSizeLow=0x168ef)) returned 1 [0094.500] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ilqbrpcatx7-wj.mp3")) returned 0x20 [0094.500] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3", dwFileAttributes=0x20) returned 1 [0094.500] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ilqbrpcatx7-wj.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0094.504] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0x12a51e88 | out: lpMode=0x12a51e88) returned 0 [0094.504] GetFileType (hFile=0x164) returned 0x1 [0094.504] GetFileType (hFile=0x164) returned 0x1 [0094.504] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.504] ReadFile (in: hFile=0x164, lpBuffer=0x1281053c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a51d14, lpOverlapped=0x0 | out: lpBuffer=0x1281053c*, lpNumberOfBytesRead=0x12a51d14*=0x4, lpOverlapped=0x0) returned 1 [0094.504] SystemFunction036 (in: RandomBuffer=0x12816cf8, RandomBufferLength=0x10 | out: RandomBuffer=0x12816cf8) returned 1 [0094.504] SystemFunction036 (in: RandomBuffer=0x12816d08, RandomBufferLength=0x10 | out: RandomBuffer=0x12816d08) returned 1 [0094.504] VirtualAlloc (lpAddress=0x12a54000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a54000 [0094.505] GetFileType (hFile=0x164) returned 0x1 [0094.505] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0094.505] ReadFile (in: hFile=0x164, lpBuffer=0x12a54000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12a54000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.505] VirtualAlloc (lpAddress=0x12a58000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a58000 [0094.505] GetFileType (hFile=0x164) returned 0x1 [0094.505] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0094.505] WriteFile (in: hFile=0x164, lpBuffer=0x12a58000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12a58000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.506] GetFileType (hFile=0x164) returned 0x1 [0094.506] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0094.506] ReadFile (in: hFile=0x164, lpBuffer=0x12a54000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a51e80, lpOverlapped=0x0 | out: lpBuffer=0x12a54000*, lpNumberOfBytesRead=0x12a51e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.506] VirtualAlloc (lpAddress=0x12a5c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a5c000 [0094.507] GetFileType (hFile=0x164) returned 0x1 [0094.507] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0094.507] WriteFile (in: hFile=0x164, lpBuffer=0x12a5c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a51e78, lpOverlapped=0x0 | out: lpBuffer=0x12a5c000*, lpNumberOfBytesWritten=0x12a51e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.507] GetFileType (hFile=0x164) returned 0x1 [0094.507] SetFilePointerEx (in: hFile=0x164, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a51e9c | out: lpNewFilePointer=0x0) returned 1 [0094.507] SystemFunction036 (in: RandomBuffer=0x1287f601, RandomBufferLength=0x40 | out: RandomBuffer=0x1287f601) returned 1 [0094.507] VirtualAlloc (lpAddress=0x12a60000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a60000 [0094.508] WriteFile (in: hFile=0x164, lpBuffer=0x12810598*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x12810598*, lpNumberOfBytesWritten=0x12a51d88*=0x4, lpOverlapped=0x0) returned 1 [0094.508] WriteFile (in: hFile=0x164, lpBuffer=0x1287f700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a51d88, lpOverlapped=0x0 | out: lpBuffer=0x1287f700*, lpNumberOfBytesWritten=0x12a51d88*=0x100, lpOverlapped=0x0) returned 1 [0094.508] CloseHandle (hObject=0x164) returned 1 [0094.675] VirtualAlloc (lpAddress=0x12b84000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b84000 [0094.675] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ilqbrpcatx7-wj.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ilqbrpcatx7-wj.mp3.crypted"), dwFlags=0x1) returned 1 [0097.470] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jJFhRvXx0-HQg\\eRZYW5m\\ILqBRPcatX7-wJ.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jjfhrvxx0-hqg\\erzyw5m\\ilqbrpcatx7-wj.mp3")) returned 0xffffffff [0097.538] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0097.576] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0097.894] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0097.903] SetEvent (hEvent=0x278) returned 1 [0097.903] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gg43vi1yr8ptzkbdptm.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86465850, ftCreationTime.dwHighDateTime=0x1d70872, ftLastAccessTime.dwLowDateTime=0x90ca9730, ftLastAccessTime.dwHighDateTime=0x1d70987, ftLastWriteTime.dwLowDateTime=0x90ca9730, ftLastWriteTime.dwHighDateTime=0x1d70987, nFileSizeHigh=0x0, nFileSizeLow=0x2714)) returned 1 [0097.903] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gg43vi1yr8ptzkbdptm.jpg")) returned 0x20 [0097.903] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg", dwFileAttributes=0x20) returned 1 [0097.903] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gg43vi1yr8ptzkbdptm.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.904] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.904] GetFileType (hFile=0x274) returned 0x1 [0097.904] GetFileType (hFile=0x274) returned 0x1 [0097.904] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.904] ReadFile (in: hFile=0x274, lpBuffer=0x1298e360, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e360*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.904] SystemFunction036 (in: RandomBuffer=0x128ccde8, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccde8) returned 1 [0097.904] SystemFunction036 (in: RandomBuffer=0x128ccdf8, RandomBufferLength=0x10 | out: RandomBuffer=0x128ccdf8) returned 1 [0097.904] GetFileType (hFile=0x274) returned 0x1 [0097.904] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.904] ReadFile (in: hFile=0x274, lpBuffer=0x12936000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12936000*, lpNumberOfBytesRead=0x12915e80*=0x2714, lpOverlapped=0x0) returned 1 [0097.904] GetFileType (hFile=0x274) returned 0x1 [0097.904] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.904] WriteFile (in: hFile=0x274, lpBuffer=0x1293a000*, nNumberOfBytesToWrite=0x2720, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x1293a000*, lpNumberOfBytesWritten=0x12915e78*=0x2720, lpOverlapped=0x0) returned 1 [0097.905] GetFileType (hFile=0x274) returned 0x1 [0097.905] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.905] SystemFunction036 (in: RandomBuffer=0x12d9fe01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9fe01) returned 1 [0097.905] WriteFile (in: hFile=0x274, lpBuffer=0x1298e3bc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e3bc*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.905] WriteFile (in: hFile=0x274, lpBuffer=0x12d9ff00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9ff00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.908] CloseHandle (hObject=0x274) returned 1 [0097.909] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gg43vi1yr8ptzkbdptm.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gg43vi1yr8ptzkbdptm.jpg.crypted"), dwFlags=0x1) returned 1 [0097.910] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\gg43vI1yr8pTZKBdPTM.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\gg43vi1yr8ptzkbdptm.jpg")) returned 0xffffffff [0097.910] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0097.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\kzcd.jpg"), fInfoLevelId=0x0, lpFileInformation=0x12919c44 | out: lpFileInformation=0x12919c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a8f8f80, ftCreationTime.dwHighDateTime=0x1d7093c, ftLastAccessTime.dwLowDateTime=0x9acadc00, ftLastAccessTime.dwHighDateTime=0x1d70a7b, ftLastWriteTime.dwLowDateTime=0x9acadc00, ftLastWriteTime.dwHighDateTime=0x1d70a7b, nFileSizeHigh=0x0, nFileSizeLow=0x11a71)) returned 1 [0097.965] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\kzcd.jpg")) returned 0x20 [0097.965] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg", dwFileAttributes=0x20) returned 1 [0097.965] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\kzcd.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.965] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12919e88 | out: lpMode=0x12919e88) returned 0 [0097.965] GetFileType (hFile=0x274) returned 0x1 [0097.966] GetFileType (hFile=0x274) returned 0x1 [0097.966] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.966] ReadFile (in: hFile=0x274, lpBuffer=0x1290061c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12919d14, lpOverlapped=0x0 | out: lpBuffer=0x1290061c*, lpNumberOfBytesRead=0x12919d14*=0x4, lpOverlapped=0x0) returned 1 [0097.966] SystemFunction036 (in: RandomBuffer=0x12817a68, RandomBufferLength=0x10 | out: RandomBuffer=0x12817a68) returned 1 [0097.966] SystemFunction036 (in: RandomBuffer=0x12817a78, RandomBufferLength=0x10 | out: RandomBuffer=0x12817a78) returned 1 [0097.966] GetFileType (hFile=0x274) returned 0x1 [0097.966] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.966] ReadFile (in: hFile=0x274, lpBuffer=0x12a98000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12919e80, lpOverlapped=0x0 | out: lpBuffer=0x12a98000*, lpNumberOfBytesRead=0x12919e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.966] GetFileType (hFile=0x274) returned 0x1 [0097.966] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.966] WriteFile (in: hFile=0x274, lpBuffer=0x12a9c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12919e78, lpOverlapped=0x0 | out: lpBuffer=0x12a9c000*, lpNumberOfBytesWritten=0x12919e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.967] GetFileType (hFile=0x274) returned 0x1 [0097.967] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12919e9c | out: lpNewFilePointer=0x0) returned 1 [0097.967] SystemFunction036 (in: RandomBuffer=0x1286a101, RandomBufferLength=0x40 | out: RandomBuffer=0x1286a101) returned 1 [0097.967] WriteFile (in: hFile=0x274, lpBuffer=0x12900678*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x12900678*, lpNumberOfBytesWritten=0x12919d88*=0x4, lpOverlapped=0x0) returned 1 [0097.967] WriteFile (in: hFile=0x274, lpBuffer=0x1286a200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12919d88, lpOverlapped=0x0 | out: lpBuffer=0x1286a200*, lpNumberOfBytesWritten=0x12919d88*=0x100, lpOverlapped=0x0) returned 1 [0097.967] CloseHandle (hObject=0x274) returned 1 [0097.969] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\kzcd.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\kzcd.jpg.crypted"), dwFlags=0x1) returned 1 [0097.970] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\kZCD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\kzcd.jpg")) returned 0xffffffff [0097.970] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0098.116] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0098.245] SetEvent (hEvent=0x260) returned 1 [0098.245] VirtualFree (lpAddress=0x12de0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.245] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.657] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.669] SetEvent (hEvent=0x278) returned 1 [0099.669] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\lmoin.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b838d80, ftCreationTime.dwHighDateTime=0x1d7038b, ftLastAccessTime.dwLowDateTime=0xfa5e06d0, ftLastAccessTime.dwHighDateTime=0x1d709ac, ftLastWriteTime.dwLowDateTime=0xfa5e06d0, ftLastWriteTime.dwHighDateTime=0x1d709ac, nFileSizeHigh=0x0, nFileSizeLow=0x5512)) returned 1 [0099.669] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\lmoin.mkv")) returned 0x20 [0099.669] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv", dwFileAttributes=0x20) returned 1 [0099.669] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\lmoin.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.669] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.669] GetFileType (hFile=0x274) returned 0x1 [0099.669] GetFileType (hFile=0x274) returned 0x1 [0099.669] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.670] ReadFile (in: hFile=0x274, lpBuffer=0x1281084c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x1281084c*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.670] SystemFunction036 (in: RandomBuffer=0x129fe4d8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe4d8) returned 1 [0099.670] SystemFunction036 (in: RandomBuffer=0x129fe4e8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe4e8) returned 1 [0099.670] VirtualAlloc (lpAddress=0x12c92000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c92000 [0099.670] GetFileType (hFile=0x274) returned 0x1 [0099.671] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.671] ReadFile (in: hFile=0x274, lpBuffer=0x12c92000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12c92000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.671] VirtualAlloc (lpAddress=0x12c96000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c96000 [0099.671] GetFileType (hFile=0x274) returned 0x1 [0099.671] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.672] WriteFile (in: hFile=0x274, lpBuffer=0x12c96000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12c96000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.672] GetFileType (hFile=0x274) returned 0x1 [0099.672] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.674] SystemFunction036 (in: RandomBuffer=0x12c90401, RandomBufferLength=0x40 | out: RandomBuffer=0x12c90401) returned 1 [0099.675] VirtualAlloc (lpAddress=0x12c9a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c9a000 [0099.675] WriteFile (in: hFile=0x274, lpBuffer=0x128108b8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x128108b8*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.675] WriteFile (in: hFile=0x274, lpBuffer=0x12c90500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12c90500*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.675] CloseHandle (hObject=0x274) returned 1 [0099.677] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\lmoin.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\lmoin.mkv.crypted"), dwFlags=0x1) returned 1 [0099.678] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\H9Eu0o86x\\lmoin.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\h9eu0o86x\\lmoin.mkv")) returned 0xffffffff [0099.678] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.728] SetEvent (hEvent=0x278) returned 1 [0099.729] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\9llzq.avi"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x487378b0, ftCreationTime.dwHighDateTime=0x1d6fb79, ftLastAccessTime.dwLowDateTime=0x3637c2b0, ftLastAccessTime.dwHighDateTime=0x1d6fff6, ftLastWriteTime.dwLowDateTime=0x3637c2b0, ftLastWriteTime.dwHighDateTime=0x1d6fff6, nFileSizeHigh=0x0, nFileSizeLow=0x18897)) returned 1 [0099.729] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\9llzq.avi")) returned 0x20 [0099.729] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi", dwFileAttributes=0x20) returned 1 [0099.729] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\9llzq.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.729] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.730] GetFileType (hFile=0x274) returned 0x1 [0099.730] GetFileType (hFile=0x274) returned 0x1 [0099.730] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.730] ReadFile (in: hFile=0x274, lpBuffer=0x128108c0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x128108c0*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.730] SystemFunction036 (in: RandomBuffer=0x129fe618, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe618) returned 1 [0099.730] SystemFunction036 (in: RandomBuffer=0x129fe628, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe628) returned 1 [0099.730] VirtualAlloc (lpAddress=0x12c9c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12c9c000 [0099.730] GetFileType (hFile=0x274) returned 0x1 [0099.731] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.731] ReadFile (in: hFile=0x274, lpBuffer=0x12c9c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12c9c000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.731] VirtualAlloc (lpAddress=0x12ca0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ca0000 [0099.731] GetFileType (hFile=0x274) returned 0x1 [0099.731] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.731] WriteFile (in: hFile=0x274, lpBuffer=0x12ca0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12ca0000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.732] GetFileType (hFile=0x274) returned 0x1 [0099.732] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.732] ReadFile (in: hFile=0x274, lpBuffer=0x12c9c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12c9c000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.732] GetFileType (hFile=0x274) returned 0x1 [0099.732] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x10000, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.732] WriteFile (in: hFile=0x274, lpBuffer=0x12ca4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12ca4000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.732] GetFileType (hFile=0x274) returned 0x1 [0099.732] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.732] SystemFunction036 (in: RandomBuffer=0x12c90701, RandomBufferLength=0x40 | out: RandomBuffer=0x12c90701) returned 1 [0099.733] WriteFile (in: hFile=0x274, lpBuffer=0x1281091c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x1281091c*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.733] WriteFile (in: hFile=0x274, lpBuffer=0x12c90800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12c90800*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.733] CloseHandle (hObject=0x274) returned 1 [0099.745] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\9llzq.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\9llzq.avi.crypted"), dwFlags=0x1) returned 1 [0099.746] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\9lLzQ.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\9llzq.avi")) returned 0xffffffff [0099.746] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.803] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.820] SetEvent (hEvent=0x1a4) returned 1 [0099.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\3aet y.swf"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31805f0, ftCreationTime.dwHighDateTime=0x1d6ff4f, ftLastAccessTime.dwLowDateTime=0xf80f60f0, ftLastAccessTime.dwHighDateTime=0x1d708b1, ftLastWriteTime.dwLowDateTime=0xf80f60f0, ftLastWriteTime.dwHighDateTime=0x1d708b1, nFileSizeHigh=0x0, nFileSizeLow=0x12f4c)) returned 1 [0099.821] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\3aet y.swf")) returned 0x20 [0099.821] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf", dwFileAttributes=0x20) returned 1 [0099.821] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\3aet y.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.821] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.821] GetFileType (hFile=0x274) returned 0x1 [0099.821] GetFileType (hFile=0x274) returned 0x1 [0099.821] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.821] ReadFile (in: hFile=0x274, lpBuffer=0x12810924, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810924*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.821] SystemFunction036 (in: RandomBuffer=0x129fe898, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe898) returned 1 [0099.821] SystemFunction036 (in: RandomBuffer=0x129fe8a8, RandomBufferLength=0x10 | out: RandomBuffer=0x129fe8a8) returned 1 [0099.821] GetFileType (hFile=0x274) returned 0x1 [0099.821] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.822] ReadFile (in: hFile=0x274, lpBuffer=0x12cac000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12cac000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.822] GetFileType (hFile=0x274) returned 0x1 [0099.822] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.822] WriteFile (in: hFile=0x274, lpBuffer=0x12cb2000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12cb2000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.822] GetFileType (hFile=0x274) returned 0x1 [0099.822] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.822] SystemFunction036 (in: RandomBuffer=0x12c90a01, RandomBufferLength=0x40 | out: RandomBuffer=0x12c90a01) returned 1 [0099.823] WriteFile (in: hFile=0x274, lpBuffer=0x12810980*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12810980*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.823] WriteFile (in: hFile=0x274, lpBuffer=0x12c90b00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12c90b00*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.823] CloseHandle (hObject=0x274) returned 1 [0099.827] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\3aet y.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\3aet y.swf.crypted"), dwFlags=0x1) returned 1 [0099.827] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\3aeT y.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\3aet y.swf")) returned 0xffffffff [0099.827] SetEvent (hEvent=0x278) returned 1 [0099.827] VirtualFree (lpAddress=0x12dc0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.828] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.867] SetEvent (hEvent=0x1a4) returned 1 [0099.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\voxyfcqy oioky91tzs.flv"), fInfoLevelId=0x0, lpFileInformation=0x12b11c44 | out: lpFileInformation=0x12b11c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd56d8e0, ftCreationTime.dwHighDateTime=0x1d6fcd1, ftLastAccessTime.dwLowDateTime=0x92b35e80, ftLastAccessTime.dwHighDateTime=0x1d70791, ftLastWriteTime.dwLowDateTime=0x92b35e80, ftLastWriteTime.dwHighDateTime=0x1d70791, nFileSizeHigh=0x0, nFileSizeLow=0x174bf)) returned 1 [0099.867] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\voxyfcqy oioky91tzs.flv")) returned 0x20 [0099.867] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv", dwFileAttributes=0x20) returned 1 [0099.868] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\voxyfcqy oioky91tzs.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0099.868] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12b11e88 | out: lpMode=0x12b11e88) returned 0 [0099.868] GetFileType (hFile=0x274) returned 0x1 [0099.868] GetFileType (hFile=0x274) returned 0x1 [0099.868] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0099.868] ReadFile (in: hFile=0x274, lpBuffer=0x12810988, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b11d14, lpOverlapped=0x0 | out: lpBuffer=0x12810988*, lpNumberOfBytesRead=0x12b11d14*=0x4, lpOverlapped=0x0) returned 1 [0099.868] SystemFunction036 (in: RandomBuffer=0x129feb18, RandomBufferLength=0x10 | out: RandomBuffer=0x129feb18) returned 1 [0099.868] SystemFunction036 (in: RandomBuffer=0x129feb28, RandomBufferLength=0x10 | out: RandomBuffer=0x129feb28) returned 1 [0099.868] GetFileType (hFile=0x274) returned 0x1 [0099.868] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.868] ReadFile (in: hFile=0x274, lpBuffer=0x12cba000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12b11e80, lpOverlapped=0x0 | out: lpBuffer=0x12cba000*, lpNumberOfBytesRead=0x12b11e80*=0x4000, lpOverlapped=0x0) returned 1 [0099.869] WaitForMultipleObjects (nCount=0x2, lpHandles=0x347afeec*=0x26c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.894] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.894] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x347afb20, ulCount=0x10, ulNumEntriesRemoved=0x347afb08, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x347afb20, ulNumEntriesRemoved=0x347afb08) returned 0 [0099.894] SetEvent (hEvent=0x13c) returned 1 [0099.894] SetEvent (hEvent=0x1a4) returned 1 [0099.895] GetFileType (hFile=0x274) returned 0x1 [0099.895] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.895] WriteFile (in: hFile=0x274, lpBuffer=0x12cbe000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12b11e78, lpOverlapped=0x0 | out: lpBuffer=0x12cbe000*, lpNumberOfBytesWritten=0x12b11e78*=0x4000, lpOverlapped=0x0) returned 1 [0099.895] GetFileType (hFile=0x274) returned 0x1 [0099.895] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12b11e9c | out: lpNewFilePointer=0x0) returned 1 [0099.895] SystemFunction036 (in: RandomBuffer=0x12c90d01, RandomBufferLength=0x40 | out: RandomBuffer=0x12c90d01) returned 1 [0099.896] WriteFile (in: hFile=0x274, lpBuffer=0x128109e4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x128109e4*, lpNumberOfBytesWritten=0x12b11d88*=0x4, lpOverlapped=0x0) returned 1 [0099.896] WriteFile (in: hFile=0x274, lpBuffer=0x12c90e00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12b11d88, lpOverlapped=0x0 | out: lpBuffer=0x12c90e00*, lpNumberOfBytesWritten=0x12b11d88*=0x100, lpOverlapped=0x0) returned 1 [0099.896] CloseHandle (hObject=0x274) returned 1 [0099.900] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\voxyfcqy oioky91tzs.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\voxyfcqy oioky91tzs.flv.crypted"), dwFlags=0x1) returned 1 [0099.900] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\VOxYfcqy oiokY91TZs.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\voxyfcqy oioky91tzs.flv")) returned 0xffffffff [0099.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x347afed8*=0x26c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.908] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x347afed8*=0x26c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.912] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0099.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x347afeec*=0x26c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.951] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x347afb28, ulCount=0x10, ulNumEntriesRemoved=0x347afb10, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x347afb28, ulNumEntriesRemoved=0x347afb10) returned 0 [0099.951] SetEvent (hEvent=0x13c) returned 1 [0099.951] SetEvent (hEvent=0x278) returned 1 [0099.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x347afee4*=0x26c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.012] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\q7 ecmvysj2uipe.mp4"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0203bc0, ftCreationTime.dwHighDateTime=0x1d6fcdc, ftLastAccessTime.dwLowDateTime=0xe182b0a0, ftLastAccessTime.dwHighDateTime=0x1d6fee6, ftLastWriteTime.dwLowDateTime=0xe182b0a0, ftLastWriteTime.dwHighDateTime=0x1d6fee6, nFileSizeHigh=0x0, nFileSizeLow=0x35d3)) returned 1 [0100.012] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\q7 ecmvysj2uipe.mp4")) returned 0x20 [0100.012] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4", dwFileAttributes=0x20) returned 1 [0100.013] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\q7 ecmvysj2uipe.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.013] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0100.013] GetFileType (hFile=0x274) returned 0x1 [0100.013] GetFileType (hFile=0x274) returned 0x1 [0100.013] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.013] ReadFile (in: hFile=0x274, lpBuffer=0x1288a004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a004*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0100.013] SystemFunction036 (in: RandomBuffer=0x12cd8028, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8028) returned 1 [0100.013] SystemFunction036 (in: RandomBuffer=0x12cd8038, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8038) returned 1 [0100.013] GetFileType (hFile=0x274) returned 0x1 [0100.013] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.013] ReadFile (in: hFile=0x274, lpBuffer=0x12cda000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x12cda000*, lpNumberOfBytesRead=0x12837e80*=0x35d3, lpOverlapped=0x0) returned 1 [0100.014] GetFileType (hFile=0x274) returned 0x1 [0100.014] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.014] WriteFile (in: hFile=0x274, lpBuffer=0x12ce4000*, nNumberOfBytesToWrite=0x35e0, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x12ce4000*, lpNumberOfBytesWritten=0x12837e78*=0x35e0, lpOverlapped=0x0) returned 1 [0100.014] GetFileType (hFile=0x274) returned 0x1 [0100.014] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.014] SystemFunction036 (in: RandomBuffer=0x12cf6001, RandomBufferLength=0x40 | out: RandomBuffer=0x12cf6001) returned 1 [0100.015] WriteFile (in: hFile=0x274, lpBuffer=0x1288a0f0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a0f0*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0100.015] WriteFile (in: hFile=0x274, lpBuffer=0x12cf6100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12cf6100*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0100.015] CloseHandle (hObject=0x274) returned 1 [0100.019] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\q7 ecmvysj2uipe.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\q7 ecmvysj2uipe.mp4.crypted"), dwFlags=0x1) returned 1 [0100.020] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\q7 ECMvYSj2UiPE.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\q7 ecmvysj2uipe.mp4")) returned 0xffffffff [0100.020] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\yccf-etuvuzhsaq2.flv"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c117330, ftCreationTime.dwHighDateTime=0x1d7037f, ftLastAccessTime.dwLowDateTime=0x494318f0, ftLastAccessTime.dwHighDateTime=0x1d705e6, ftLastWriteTime.dwLowDateTime=0x494318f0, ftLastWriteTime.dwHighDateTime=0x1d705e6, nFileSizeHigh=0x0, nFileSizeLow=0xc9c7)) returned 1 [0100.046] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\yccf-etuvuzhsaq2.flv")) returned 0x20 [0100.046] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv", dwFileAttributes=0x20) returned 1 [0100.046] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\yccf-etuvuzhsaq2.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.047] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0100.047] GetFileType (hFile=0x274) returned 0x1 [0100.047] GetFileType (hFile=0x274) returned 0x1 [0100.047] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.047] ReadFile (in: hFile=0x274, lpBuffer=0x1288a0f8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a0f8*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0100.047] SystemFunction036 (in: RandomBuffer=0x12cd8168, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8168) returned 1 [0100.047] SystemFunction036 (in: RandomBuffer=0x12cd8178, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8178) returned 1 [0100.047] GetFileType (hFile=0x274) returned 0x1 [0100.047] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.047] ReadFile (in: hFile=0x274, lpBuffer=0x12852000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x12852000*, lpNumberOfBytesRead=0x12837e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.047] GetFileType (hFile=0x274) returned 0x1 [0100.047] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.047] WriteFile (in: hFile=0x274, lpBuffer=0x12856000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x12856000*, lpNumberOfBytesWritten=0x12837e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.048] GetFileType (hFile=0x274) returned 0x1 [0100.048] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.048] SystemFunction036 (in: RandomBuffer=0x12cf6301, RandomBufferLength=0x40 | out: RandomBuffer=0x12cf6301) returned 1 [0100.048] WriteFile (in: hFile=0x274, lpBuffer=0x1288a164*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a164*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0100.048] WriteFile (in: hFile=0x274, lpBuffer=0x12cf6400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12cf6400*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0100.048] CloseHandle (hObject=0x274) returned 1 [0100.051] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\yccf-etuvuzhsaq2.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\yccf-etuvuzhsaq2.flv.crypted"), dwFlags=0x1) returned 1 [0100.051] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\giDMeosqH0NeSG\\yCcF-EtUVUzhsAQ2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\gidmeosqh0nesg\\yccf-etuvuzhsaq2.flv")) returned 0xffffffff [0100.051] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.134] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.148] SetEvent (hEvent=0x1a4) returned 1 [0100.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\gwzvyqhzjiayva06zz.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa2b9b0, ftCreationTime.dwHighDateTime=0x1d6fa16, ftLastAccessTime.dwLowDateTime=0x9a15c1b0, ftLastAccessTime.dwHighDateTime=0x1d6fab5, ftLastWriteTime.dwLowDateTime=0x9a15c1b0, ftLastWriteTime.dwHighDateTime=0x1d6fab5, nFileSizeHigh=0x0, nFileSizeLow=0xa841)) returned 1 [0100.148] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\gwzvyqhzjiayva06zz.mkv")) returned 0x20 [0100.149] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv", dwFileAttributes=0x20) returned 1 [0100.149] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\gwzvyqhzjiayva06zz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.149] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0100.149] GetFileType (hFile=0x274) returned 0x1 [0100.149] GetFileType (hFile=0x274) returned 0x1 [0100.150] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.150] ReadFile (in: hFile=0x274, lpBuffer=0x1288a16c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a16c*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0100.150] SystemFunction036 (in: RandomBuffer=0x12cd82a8, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd82a8) returned 1 [0100.150] SystemFunction036 (in: RandomBuffer=0x12cd82b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd82b8) returned 1 [0100.150] GetFileType (hFile=0x274) returned 0x1 [0100.150] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.150] ReadFile (in: hFile=0x274, lpBuffer=0x1285c000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x1285c000*, lpNumberOfBytesRead=0x12837e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.150] GetFileType (hFile=0x274) returned 0x1 [0100.150] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.151] WriteFile (in: hFile=0x274, lpBuffer=0x12860000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x12860000*, lpNumberOfBytesWritten=0x12837e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.151] GetFileType (hFile=0x274) returned 0x1 [0100.151] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.151] SystemFunction036 (in: RandomBuffer=0x12cf6601, RandomBufferLength=0x40 | out: RandomBuffer=0x12cf6601) returned 1 [0100.151] WriteFile (in: hFile=0x274, lpBuffer=0x1288a1c8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a1c8*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0100.152] WriteFile (in: hFile=0x274, lpBuffer=0x12cf6700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12cf6700*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0100.152] CloseHandle (hObject=0x274) returned 1 [0100.157] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\gwzvyqhzjiayva06zz.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\gwzvyqhzjiayva06zz.mkv.crypted"), dwFlags=0x1) returned 1 [0100.158] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\AAr6B\\fGXoIXk\\oo77\\gwZvyQHZjiAyvA06ZZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\aar6b\\fgxoixk\\oo77\\gwzvyqhzjiayva06zz.mkv")) returned 0xffffffff [0100.158] SetEvent (hEvent=0x260) returned 1 [0100.158] VirtualFree (lpAddress=0x12db4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.159] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.278] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.295] SetEvent (hEvent=0x1a4) returned 1 [0100.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\er5glmfqhf7.mkv"), fInfoLevelId=0x0, lpFileInformation=0x12837c44 | out: lpFileInformation=0x12837c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea11fbf0, ftCreationTime.dwHighDateTime=0x1d6fada, ftLastAccessTime.dwLowDateTime=0xc0cb8e90, ftLastAccessTime.dwHighDateTime=0x1d6ffa9, ftLastWriteTime.dwLowDateTime=0xc0cb8e90, ftLastWriteTime.dwHighDateTime=0x1d6ffa9, nFileSizeHigh=0x0, nFileSizeLow=0x1539d)) returned 1 [0100.295] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\er5glmfqhf7.mkv")) returned 0x20 [0100.295] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv", dwFileAttributes=0x20) returned 1 [0100.295] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\er5glmfqhf7.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0100.296] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12837e88 | out: lpMode=0x12837e88) returned 0 [0100.296] GetFileType (hFile=0x274) returned 0x1 [0100.296] GetFileType (hFile=0x274) returned 0x1 [0100.296] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0100.296] ReadFile (in: hFile=0x274, lpBuffer=0x1288a234, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12837d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a234*, lpNumberOfBytesRead=0x12837d14*=0x4, lpOverlapped=0x0) returned 1 [0100.296] SystemFunction036 (in: RandomBuffer=0x12cd8758, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8758) returned 1 [0100.296] SystemFunction036 (in: RandomBuffer=0x12cd8768, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8768) returned 1 [0100.296] GetFileType (hFile=0x274) returned 0x1 [0100.296] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.296] ReadFile (in: hFile=0x274, lpBuffer=0x12876000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x12876000*, lpNumberOfBytesRead=0x12837e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.296] GetFileType (hFile=0x274) returned 0x1 [0100.296] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.297] WriteFile (in: hFile=0x274, lpBuffer=0x1287a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x1287a000*, lpNumberOfBytesWritten=0x12837e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.297] GetFileType (hFile=0x274) returned 0x1 [0100.297] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.297] ReadFile (in: hFile=0x274, lpBuffer=0x12876000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12837e80, lpOverlapped=0x0 | out: lpBuffer=0x12876000*, lpNumberOfBytesRead=0x12837e80*=0x4000, lpOverlapped=0x0) returned 1 [0100.297] GetFileType (hFile=0x274) returned 0x1 [0100.297] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xc000, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.297] WriteFile (in: hFile=0x274, lpBuffer=0x1290a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12837e78, lpOverlapped=0x0 | out: lpBuffer=0x1290a000*, lpNumberOfBytesWritten=0x12837e78*=0x4000, lpOverlapped=0x0) returned 1 [0100.297] GetFileType (hFile=0x274) returned 0x1 [0100.297] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12837e9c | out: lpNewFilePointer=0x0) returned 1 [0100.298] SystemFunction036 (in: RandomBuffer=0x12cf6f01, RandomBufferLength=0x40 | out: RandomBuffer=0x12cf6f01) returned 1 [0100.298] WriteFile (in: hFile=0x274, lpBuffer=0x1288a290*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a290*, lpNumberOfBytesWritten=0x12837d88*=0x4, lpOverlapped=0x0) returned 1 [0100.301] WriteFile (in: hFile=0x274, lpBuffer=0x12cf7000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12837d88, lpOverlapped=0x0 | out: lpBuffer=0x12cf7000*, lpNumberOfBytesWritten=0x12837d88*=0x100, lpOverlapped=0x0) returned 1 [0100.302] CloseHandle (hObject=0x274) returned 1 [0100.305] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\er5glmfqhf7.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\er5glmfqhf7.mkv.crypted"), dwFlags=0x1) returned 1 [0100.305] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\R9kOXEGtjBQG4RnNd\\er5glMfqhf7.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r9koxegtjbqg4rnnd\\er5glmfqhf7.mkv")) returned 0xffffffff [0100.305] SetEvent (hEvent=0x1d0) returned 1 [0100.305] VirtualFree (lpAddress=0x12db0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.306] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.444] SetEvent (hEvent=0x2a4) returned 1 [0100.444] VirtualFree (lpAddress=0x12dac000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0x12917c44 | out: lpFileInformation=0x12917c44*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0100.445] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini")) returned 0x6 [0100.445] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini", dwFileAttributes=0x6) returned 1 [0100.445] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0100.445] GetConsoleMode (in: hConsoleHandle=0x300, lpMode=0x12917e88 | out: lpMode=0x12917e88) returned 0 [0100.445] GetFileType (hFile=0x300) returned 0x1 [0100.445] SystemFunction036 (in: RandomBuffer=0x12cd8ca8, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8ca8) returned 1 [0100.445] SystemFunction036 (in: RandomBuffer=0x12cd8cb8, RandomBufferLength=0x10 | out: RandomBuffer=0x12cd8cb8) returned 1 [0100.445] GetFileType (hFile=0x300) returned 0x1 [0100.445] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0100.445] ReadFile (in: hFile=0x300, lpBuffer=0x12936000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12917e80, lpOverlapped=0x0 | out: lpBuffer=0x12936000*, lpNumberOfBytesRead=0x12917e80*=0x14, lpOverlapped=0x0) returned 1 [0100.446] GetFileType (hFile=0x300) returned 0x1 [0100.446] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0100.446] WriteFile (in: hFile=0x300, lpBuffer=0x1287e020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x12917e78, lpOverlapped=0x0 | out: lpBuffer=0x1287e020*, lpNumberOfBytesWritten=0x12917e78*=0x20, lpOverlapped=0x0) returned 1 [0100.447] GetFileType (hFile=0x300) returned 0x1 [0100.447] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12917e9c | out: lpNewFilePointer=0x0) returned 1 [0100.447] SystemFunction036 (in: RandomBuffer=0x12cf7701, RandomBufferLength=0x40 | out: RandomBuffer=0x12cf7701) returned 1 [0100.447] WriteFile (in: hFile=0x300, lpBuffer=0x1288a38c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a38c*, lpNumberOfBytesWritten=0x12917d88*=0x4, lpOverlapped=0x0) returned 1 [0100.447] WriteFile (in: hFile=0x300, lpBuffer=0x12cf7800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12917d88, lpOverlapped=0x0 | out: lpBuffer=0x12cf7800*, lpNumberOfBytesWritten=0x12917d88*=0x100, lpOverlapped=0x0) returned 1 [0100.447] CloseHandle (hObject=0x300) returned 1 [0100.485] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini.crypted"), dwFlags=0x1) returned 1 [0100.486] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini")) returned 0xffffffff [0100.486] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.808] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.847] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0100.919] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0101.085] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0101.136] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0101.229] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0101.323] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0101.372] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0101.472] SetEvent (hEvent=0x278) returned 1 [0101.472] SetEvent (hEvent=0x1a4) returned 1 [0101.472] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0x1290e300*, nNumberOfCharsToWrite=0x9, lpNumberOfCharsWritten=0x129a5a78, lpReserved=0x0 | out: lpBuffer=0x1290e300*, lpNumberOfCharsWritten=0x129a5a78*=0x9) returned 1 [0101.484] ExitProcess (uExitCode=0x0) Thread: id = 35 os_tid = 0x13c8 [0094.583] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x348eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x348eff28*=0x164) returned 1 [0094.583] VirtualQuery (in: lpAddress=0x348eff38, lpBuffer=0x348eff38, dwLength=0x1c | out: lpBuffer=0x348eff38*(BaseAddress=0x348ef000, AllocationBase=0x347f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.584] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x21ac80, lpParameter=0x12881200, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x28c [0094.584] CloseHandle (hObject=0x28c) returned 1 [0094.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ll0dizf59jv6cm.wav"), fInfoLevelId=0x0, lpFileInformation=0x12a4dc44 | out: lpFileInformation=0x12a4dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77fc61c0, ftCreationTime.dwHighDateTime=0x1d708c4, ftLastAccessTime.dwLowDateTime=0xfc398a50, ftLastAccessTime.dwHighDateTime=0x1d709bc, ftLastWriteTime.dwLowDateTime=0xfc398a50, ftLastWriteTime.dwHighDateTime=0x1d709bc, nFileSizeHigh=0x0, nFileSizeLow=0x83df)) returned 1 [0094.584] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ll0dizf59jv6cm.wav")) returned 0x20 [0094.584] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav", dwFileAttributes=0x20) returned 1 [0094.584] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ll0dizf59jv6cm.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0094.585] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0x12a4de88 | out: lpMode=0x12a4de88) returned 0 [0094.585] GetFileType (hFile=0x28c) returned 0x1 [0094.585] GetFileType (hFile=0x28c) returned 0x1 [0094.585] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.585] ReadFile (in: hFile=0x28c, lpBuffer=0x1288b524, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4dd14, lpOverlapped=0x0 | out: lpBuffer=0x1288b524*, lpNumberOfBytesRead=0x12a4dd14*=0x4, lpOverlapped=0x0) returned 1 [0094.585] SystemFunction036 (in: RandomBuffer=0x128cd748, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd748) returned 1 [0094.585] SystemFunction036 (in: RandomBuffer=0x128cd758, RandomBufferLength=0x10 | out: RandomBuffer=0x128cd758) returned 1 [0094.585] VirtualAlloc (lpAddress=0x12b44000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b44000 [0094.585] GetFileType (hFile=0x28c) returned 0x1 [0094.585] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0094.585] ReadFile (in: hFile=0x28c, lpBuffer=0x12b44000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12b44000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0094.586] VirtualAlloc (lpAddress=0x12b48000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b48000 [0094.587] GetFileType (hFile=0x28c) returned 0x1 [0094.587] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0094.587] WriteFile (in: hFile=0x28c, lpBuffer=0x12b48000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12b48000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0094.587] GetFileType (hFile=0x28c) returned 0x1 [0094.587] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0094.587] SystemFunction036 (in: RandomBuffer=0x128dff01, RandomBufferLength=0x40 | out: RandomBuffer=0x128dff01) returned 1 [0094.587] VirtualAlloc (lpAddress=0x12b4c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b4c000 [0094.587] VirtualAlloc (lpAddress=0x12b4e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b4e000 [0094.588] VirtualAlloc (lpAddress=0x12b52000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b52000 [0094.588] WriteFile (in: hFile=0x28c, lpBuffer=0x1288b580*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x1288b580*, lpNumberOfBytesWritten=0x12a4dd88*=0x4, lpOverlapped=0x0) returned 1 [0094.588] WriteFile (in: hFile=0x28c, lpBuffer=0x12b52000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12b52000*, lpNumberOfBytesWritten=0x12a4dd88*=0x100, lpOverlapped=0x0) returned 1 [0094.588] CloseHandle (hObject=0x28c) returned 1 [0094.605] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ll0dizf59jv6cm.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ll0dizf59jv6cm.wav.crypted"), dwFlags=0x1) returned 1 [0095.907] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lL0dIZF59JV6cM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ll0dizf59jv6cm.wav")) returned 0xffffffff [0095.976] SetEvent (hEvent=0x2ec) returned 1 [0095.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\c0s2whyz.ppt"), fInfoLevelId=0x0, lpFileInformation=0x12a4dc44 | out: lpFileInformation=0x12a4dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723e8cd0, ftCreationTime.dwHighDateTime=0x1d701d6, ftLastAccessTime.dwLowDateTime=0xe53a4b70, ftLastAccessTime.dwHighDateTime=0x1d704ba, ftLastWriteTime.dwLowDateTime=0xe53a4b70, ftLastWriteTime.dwHighDateTime=0x1d704ba, nFileSizeHigh=0x0, nFileSizeLow=0x73f7)) returned 1 [0095.976] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\c0s2whyz.ppt")) returned 0x20 [0095.976] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt", dwFileAttributes=0x20) returned 1 [0095.976] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\c0s2whyz.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0095.976] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0x12a4de88 | out: lpMode=0x12a4de88) returned 0 [0095.976] GetFileType (hFile=0x28c) returned 0x1 [0095.977] GetFileType (hFile=0x28c) returned 0x1 [0095.977] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.977] ReadFile (in: hFile=0x28c, lpBuffer=0x12810318, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4dd14, lpOverlapped=0x0 | out: lpBuffer=0x12810318*, lpNumberOfBytesRead=0x12a4dd14*=0x4, lpOverlapped=0x0) returned 1 [0095.977] SystemFunction036 (in: RandomBuffer=0x128167a8, RandomBufferLength=0x10 | out: RandomBuffer=0x128167a8) returned 1 [0095.977] SystemFunction036 (in: RandomBuffer=0x128167b8, RandomBufferLength=0x10 | out: RandomBuffer=0x128167b8) returned 1 [0095.977] VirtualAlloc (lpAddress=0x12d46000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d46000 [0095.978] GetFileType (hFile=0x28c) returned 0x1 [0095.978] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0095.978] ReadFile (in: hFile=0x28c, lpBuffer=0x12d46000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12d46000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0095.978] VirtualAlloc (lpAddress=0x12d4a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d4a000 [0095.979] GetFileType (hFile=0x28c) returned 0x1 [0095.979] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0095.979] WriteFile (in: hFile=0x28c, lpBuffer=0x12d4a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12d4a000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0095.979] GetFileType (hFile=0x28c) returned 0x1 [0095.979] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0095.979] SystemFunction036 (in: RandomBuffer=0x12a7e901, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7e901) returned 1 [0095.980] WriteFile (in: hFile=0x28c, lpBuffer=0x12810374*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12810374*, lpNumberOfBytesWritten=0x12a4dd88*=0x4, lpOverlapped=0x0) returned 1 [0095.980] WriteFile (in: hFile=0x28c, lpBuffer=0x12a7ea00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7ea00*, lpNumberOfBytesWritten=0x12a4dd88*=0x100, lpOverlapped=0x0) returned 1 [0095.980] CloseHandle (hObject=0x28c) returned 1 [0095.982] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\c0s2whyz.ppt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\c0s2whyz.ppt.crypted"), dwFlags=0x1) returned 1 [0095.982] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\C0S2WHYz.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\c0s2whyz.ppt")) returned 0xffffffff [0095.982] VirtualFree (lpAddress=0x12c8e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.983] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x28c [0095.983] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x310 [0095.983] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0096.052] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0096.062] SetEvent (hEvent=0x2ec) returned 1 [0096.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\uiuruq649yutup0exhg7.pps"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdfd21800, ftCreationTime.dwHighDateTime=0x1d70458, ftLastAccessTime.dwLowDateTime=0xa00dcdb0, ftLastAccessTime.dwHighDateTime=0x1d7050a, ftLastWriteTime.dwLowDateTime=0xa00dcdb0, ftLastWriteTime.dwHighDateTime=0x1d7050a, nFileSizeHigh=0x0, nFileSizeLow=0x4178)) returned 1 [0096.062] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\uiuruq649yutup0exhg7.pps")) returned 0x20 [0096.062] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps", dwFileAttributes=0x20) returned 1 [0096.062] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\uiuruq649yutup0exhg7.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0096.062] GetConsoleMode (in: hConsoleHandle=0x2ac, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0096.062] GetFileType (hFile=0x2ac) returned 0x1 [0096.062] GetFileType (hFile=0x2ac) returned 0x1 [0096.062] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.063] ReadFile (in: hFile=0x2ac, lpBuffer=0x1298e3b8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e3b8*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0096.063] SystemFunction036 (in: RandomBuffer=0x12be50b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be50b8) returned 1 [0096.063] SystemFunction036 (in: RandomBuffer=0x12be50c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be50c8) returned 1 [0096.063] VirtualAlloc (lpAddress=0x12cfa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cfa000 [0096.063] GetFileType (hFile=0x2ac) returned 0x1 [0096.063] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0096.063] ReadFile (in: hFile=0x2ac, lpBuffer=0x12cfa000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12cfa000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.064] GetFileType (hFile=0x2ac) returned 0x1 [0096.064] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0096.064] WriteFile (in: hFile=0x2ac, lpBuffer=0x128e2000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x128e2000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.067] GetFileType (hFile=0x2ac) returned 0x1 [0096.067] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0096.067] SystemFunction036 (in: RandomBuffer=0x12cec401, RandomBufferLength=0x40 | out: RandomBuffer=0x12cec401) returned 1 [0096.068] WriteFile (in: hFile=0x2ac, lpBuffer=0x1298e414*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e414*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0096.068] WriteFile (in: hFile=0x2ac, lpBuffer=0x12cec500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12cec500*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0096.068] CloseHandle (hObject=0x2ac) returned 1 [0096.069] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\uiuruq649yutup0exhg7.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\uiuruq649yutup0exhg7.pps.crypted"), dwFlags=0x1) returned 1 [0096.070] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\uIuruq649yUtUP0eXHg7.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\uiuruq649yutup0exhg7.pps")) returned 0xffffffff [0096.070] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) Thread: id = 36 os_tid = 0x10b8 [0094.635] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x34a2ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34a2ff28*=0x290) returned 1 [0094.635] VirtualQuery (in: lpAddress=0x34a2ff38, lpBuffer=0x34a2ff38, dwLength=0x1c | out: lpBuffer=0x34a2ff38*(BaseAddress=0x34a2f000, AllocationBase=0x34930000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.635] VirtualAlloc (lpAddress=0x12a6a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a6a000 [0094.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxxjnjblbvyc-mw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12a6fc44 | out: lpFileInformation=0x12a6fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x250bb70, ftCreationTime.dwHighDateTime=0x1d6fbc6, ftLastAccessTime.dwLowDateTime=0x6f8a2b60, ftLastAccessTime.dwHighDateTime=0x1d6feda, ftLastWriteTime.dwLowDateTime=0x6f8a2b60, ftLastWriteTime.dwHighDateTime=0x1d6feda, nFileSizeHigh=0x0, nFileSizeLow=0x91fe)) returned 1 [0094.644] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxxjnjblbvyc-mw.mp3")) returned 0x20 [0094.644] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3", dwFileAttributes=0x20) returned 1 [0094.644] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxxjnjblbvyc-mw.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0094.644] GetConsoleMode (in: hConsoleHandle=0x294, lpMode=0x12a6fe88 | out: lpMode=0x12a6fe88) returned 0 [0094.644] GetFileType (hFile=0x294) returned 0x1 [0094.644] GetFileType (hFile=0x294) returned 0x1 [0094.644] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.644] ReadFile (in: hFile=0x294, lpBuffer=0x12810604, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6fd14, lpOverlapped=0x0 | out: lpBuffer=0x12810604*, lpNumberOfBytesRead=0x12a6fd14*=0x4, lpOverlapped=0x0) returned 1 [0094.645] SystemFunction036 (in: RandomBuffer=0x12817068, RandomBufferLength=0x10 | out: RandomBuffer=0x12817068) returned 1 [0094.645] SystemFunction036 (in: RandomBuffer=0x12817078, RandomBufferLength=0x10 | out: RandomBuffer=0x12817078) returned 1 [0094.645] VirtualAlloc (lpAddress=0x12a72000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a72000 [0094.645] GetFileType (hFile=0x294) returned 0x1 [0094.645] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.645] ReadFile (in: hFile=0x294, lpBuffer=0x12a72000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6fe80, lpOverlapped=0x0 | out: lpBuffer=0x12a72000*, lpNumberOfBytesRead=0x12a6fe80*=0x4000, lpOverlapped=0x0) returned 1 [0094.645] VirtualAlloc (lpAddress=0x12a76000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a76000 [0094.646] GetFileType (hFile=0x294) returned 0x1 [0094.646] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.646] WriteFile (in: hFile=0x294, lpBuffer=0x12a76000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6fe78, lpOverlapped=0x0 | out: lpBuffer=0x12a76000*, lpNumberOfBytesWritten=0x12a6fe78*=0x4000, lpOverlapped=0x0) returned 1 [0094.646] GetFileType (hFile=0x294) returned 0x1 [0094.646] SetFilePointerEx (in: hFile=0x294, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0094.646] SystemFunction036 (in: RandomBuffer=0x1287fc01, RandomBufferLength=0x40 | out: RandomBuffer=0x1287fc01) returned 1 [0094.647] VirtualAlloc (lpAddress=0x12a7a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12a7a000 [0094.647] WriteFile (in: hFile=0x294, lpBuffer=0x12810660*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12810660*, lpNumberOfBytesWritten=0x12a6fd88*=0x4, lpOverlapped=0x0) returned 1 [0094.647] WriteFile (in: hFile=0x294, lpBuffer=0x1287fd00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x1287fd00*, lpNumberOfBytesWritten=0x12a6fd88*=0x100, lpOverlapped=0x0) returned 1 [0094.647] CloseHandle (hObject=0x294) returned 1 [0094.668] VirtualAlloc (lpAddress=0x129fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x129fe000 [0094.668] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxxjnjblbvyc-mw.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxxjnjblbvyc-mw.mp3.crypted"), dwFlags=0x1) returned 1 [0096.052] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lXxjNJbLBvyc-mw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lxxjnjblbvyc-mw.mp3")) returned 0xffffffff [0096.092] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ac [0096.092] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1b8 [0096.092] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0xffffffff) returned 0x0 [0096.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\h09vzhhjy701zn.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b5d6e30, ftCreationTime.dwHighDateTime=0x1d70394, ftLastAccessTime.dwLowDateTime=0x81734690, ftLastAccessTime.dwHighDateTime=0x1d704bb, ftLastWriteTime.dwLowDateTime=0x81734690, ftLastWriteTime.dwHighDateTime=0x1d704bb, nFileSizeHigh=0x0, nFileSizeLow=0x13c0c)) returned 1 [0096.123] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\h09vzhhjy701zn.pptx")) returned 0x20 [0096.123] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx", dwFileAttributes=0x20) returned 1 [0096.124] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\h09vzhhjy701zn.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0096.124] GetConsoleMode (in: hConsoleHandle=0x314, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0096.124] GetFileType (hFile=0x314) returned 0x1 [0096.124] GetFileType (hFile=0x314) returned 0x1 [0096.124] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.124] ReadFile (in: hFile=0x314, lpBuffer=0x1298e42c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e42c*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0096.124] SystemFunction036 (in: RandomBuffer=0x12be51f8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be51f8) returned 1 [0096.124] SystemFunction036 (in: RandomBuffer=0x12be5208, RandomBufferLength=0x10 | out: RandomBuffer=0x12be5208) returned 1 [0096.124] GetFileType (hFile=0x314) returned 0x1 [0096.124] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0096.125] ReadFile (in: hFile=0x314, lpBuffer=0x12924000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12924000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.125] GetFileType (hFile=0x314) returned 0x1 [0096.125] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0096.125] WriteFile (in: hFile=0x314, lpBuffer=0x12932000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12932000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.125] GetFileType (hFile=0x314) returned 0x1 [0096.125] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0096.126] SystemFunction036 (in: RandomBuffer=0x12cec801, RandomBufferLength=0x40 | out: RandomBuffer=0x12cec801) returned 1 [0096.126] VirtualAlloc (lpAddress=0x12cfe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cfe000 [0096.126] WriteFile (in: hFile=0x314, lpBuffer=0x1298e488*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e488*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0096.127] WriteFile (in: hFile=0x314, lpBuffer=0x12cec900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12cec900*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0096.127] CloseHandle (hObject=0x314) returned 1 [0096.132] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\h09vzhhjy701zn.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\h09vzhhjy701zn.pptx.crypted"), dwFlags=0x1) returned 1 [0096.133] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\H09VzhhJy701Zn.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\h09vzhhjy701zn.pptx")) returned 0xffffffff [0096.133] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0xffffffff) returned 0x0 [0096.172] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0xffffffff) returned 0x0 [0096.205] SetEvent (hEvent=0x2ec) returned 1 [0096.205] VirtualFree (lpAddress=0x12c84000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music"), fInfoLevelId=0x0, lpFileInformation=0x12a6fc44 | out: lpFileInformation=0x12a6fc44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.206] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x308 [0096.206] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0x12a6fbd0 | out: lpFileInformation=0x12a6fbd0) returned 1 [0096.206] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0x12a6fbc8, dwBufferSize=0x8 | out: lpFileInformation=0x12a6fbc8) returned 1 [0096.206] CloseHandle (hObject=0x308) returned 1 [0096.206] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music")) returned 0x2416 [0096.206] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music", dwFileAttributes=0x2416) returned 1 [0096.206] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.206] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music\\*", lpFindFileData=0x12a6fb9c | out: lpFindFileData=0x12a6fb9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0096.207] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music")) returned 0x2416 [0096.207] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music", dwFileAttributes=0x2417) returned 1 [0096.207] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0xffffffff) returned 0x0 [0096.281] VirtualFree (lpAddress=0x12c80000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.281] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x34a2fa24, ulCount=0x10, ulNumEntriesRemoved=0x34a2fa0c, dwMilliseconds=0x26, fAlertable=0 | out: lpCompletionPortEntries=0x34a2fa24, ulNumEntriesRemoved=0x34a2fa0c) returned 0 [0096.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xnu2rhf.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2e9ff20, ftCreationTime.dwHighDateTime=0x1d6be50, ftLastAccessTime.dwLowDateTime=0x1c3c3050, ftLastAccessTime.dwHighDateTime=0x1d6c368, ftLastWriteTime.dwLowDateTime=0x1c3c3050, ftLastWriteTime.dwHighDateTime=0x1d6c368, nFileSizeHigh=0x0, nFileSizeLow=0x7a25)) returned 1 [0096.343] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xnu2rhf.xlsx")) returned 0x20 [0096.343] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx", dwFileAttributes=0x20) returned 1 [0096.344] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xnu2rhf.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0096.344] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.344] GetFileType (hFile=0x304) returned 0x1 [0096.344] GetFileType (hFile=0x304) returned 0x1 [0096.344] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.344] ReadFile (in: hFile=0x304, lpBuffer=0x1288a538, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a538*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.344] SystemFunction036 (in: RandomBuffer=0x12d17a18, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17a18) returned 1 [0096.344] SystemFunction036 (in: RandomBuffer=0x12d17a28, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17a28) returned 1 [0096.344] GetFileType (hFile=0x304) returned 0x1 [0096.344] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.344] ReadFile (in: hFile=0x304, lpBuffer=0x12966000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12966000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.344] GetFileType (hFile=0x304) returned 0x1 [0096.344] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.345] WriteFile (in: hFile=0x304, lpBuffer=0x1296a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x1296a000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.345] GetFileType (hFile=0x304) returned 0x1 [0096.345] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.345] SystemFunction036 (in: RandomBuffer=0x128c4301, RandomBufferLength=0x40 | out: RandomBuffer=0x128c4301) returned 1 [0096.345] WriteFile (in: hFile=0x304, lpBuffer=0x1288a594*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a594*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.345] WriteFile (in: hFile=0x304, lpBuffer=0x128c4400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x128c4400*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.346] CloseHandle (hObject=0x304) returned 1 [0096.347] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xnu2rhf.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xnu2rhf.xlsx.crypted"), dwFlags=0x1) returned 1 [0096.348] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XnU2rHF.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xnu2rhf.xlsx")) returned 0xffffffff [0096.348] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x34a2fa04, ulCount=0x10, ulNumEntriesRemoved=0x34a2f9ec, dwMilliseconds=0x22, fAlertable=0 | out: lpCompletionPortEntries=0x34a2fa04, ulNumEntriesRemoved=0x34a2f9ec) returned 0 [0096.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nzjdx.ods"), fInfoLevelId=0x0, lpFileInformation=0x12a6fc44 | out: lpFileInformation=0x12a6fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42b59320, ftCreationTime.dwHighDateTime=0x1d701c5, ftLastAccessTime.dwLowDateTime=0xfef70f50, ftLastAccessTime.dwHighDateTime=0x1d702fb, ftLastWriteTime.dwLowDateTime=0xfef70f50, ftLastWriteTime.dwHighDateTime=0x1d702fb, nFileSizeHigh=0x0, nFileSizeLow=0x14ef3)) returned 1 [0096.411] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nzjdx.ods")) returned 0x20 [0096.411] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods", dwFileAttributes=0x20) returned 1 [0096.411] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nzjdx.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0096.412] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12a6fe88 | out: lpMode=0x12a6fe88) returned 0 [0096.412] GetFileType (hFile=0x304) returned 0x1 [0096.412] GetFileType (hFile=0x304) returned 0x1 [0096.412] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.412] ReadFile (in: hFile=0x304, lpBuffer=0x12900288, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6fd14, lpOverlapped=0x0 | out: lpBuffer=0x12900288*, lpNumberOfBytesRead=0x12a6fd14*=0x4, lpOverlapped=0x0) returned 1 [0096.412] SystemFunction036 (in: RandomBuffer=0x12c90f28, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90f28) returned 1 [0096.412] SystemFunction036 (in: RandomBuffer=0x12c90f38, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90f38) returned 1 [0096.412] GetFileType (hFile=0x304) returned 0x1 [0096.412] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.412] ReadFile (in: hFile=0x304, lpBuffer=0x129b6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6fe80, lpOverlapped=0x0 | out: lpBuffer=0x129b6000*, lpNumberOfBytesRead=0x12a6fe80*=0x4000, lpOverlapped=0x0) returned 1 [0096.412] GetFileType (hFile=0x304) returned 0x1 [0096.412] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.412] WriteFile (in: hFile=0x304, lpBuffer=0x129ba000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6fe78, lpOverlapped=0x0 | out: lpBuffer=0x129ba000*, lpNumberOfBytesWritten=0x12a6fe78*=0x4000, lpOverlapped=0x0) returned 1 [0096.413] GetFileType (hFile=0x304) returned 0x1 [0096.413] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.413] SystemFunction036 (in: RandomBuffer=0x12c73301, RandomBufferLength=0x40 | out: RandomBuffer=0x12c73301) returned 1 [0096.413] WriteFile (in: hFile=0x304, lpBuffer=0x129002e4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x129002e4*, lpNumberOfBytesWritten=0x12a6fd88*=0x4, lpOverlapped=0x0) returned 1 [0096.413] WriteFile (in: hFile=0x304, lpBuffer=0x12c73400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12c73400*, lpNumberOfBytesWritten=0x12a6fd88*=0x100, lpOverlapped=0x0) returned 1 [0096.413] CloseHandle (hObject=0x304) returned 1 [0096.419] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nzjdx.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nzjdx.ods.crypted"), dwFlags=0x1) returned 1 [0096.419] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nzJDx.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nzjdx.ods")) returned 0xffffffff [0096.419] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x34a2fa04, ulCount=0x10, ulNumEntriesRemoved=0x34a2f9ec, dwMilliseconds=0x15, fAlertable=0 | out: lpCompletionPortEntries=0x34a2fa04, ulNumEntriesRemoved=0x34a2f9ec) returned 0 [0096.467] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x34a2fa04, ulCount=0x10, ulNumEntriesRemoved=0x34a2f9ec, dwMilliseconds=0x4a, fAlertable=0 | out: lpCompletionPortEntries=0x34a2fa04, ulNumEntriesRemoved=0x34a2f9ec) returned 0 [0096.555] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0xffffffff) returned 0x0 [0096.605] SetEvent (hEvent=0x314) returned 1 [0096.605] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0xffffffff) returned 0x0 [0096.627] VirtualFree (lpAddress=0x12c46000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x3d0)) returned 1 [0096.628] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk")) returned 0x20 [0096.628] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk", dwFileAttributes=0x20) returned 1 [0096.628] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.628] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.628] GetFileType (hFile=0x308) returned 0x1 [0096.628] GetFileType (hFile=0x308) returned 0x1 [0096.628] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.628] ReadFile (in: hFile=0x308, lpBuffer=0x1288a66c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a66c*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.638] SystemFunction036 (in: RandomBuffer=0x12d17d38, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17d38) returned 1 [0096.639] SystemFunction036 (in: RandomBuffer=0x12d17d48, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17d48) returned 1 [0096.639] GetFileType (hFile=0x308) returned 0x1 [0096.639] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.639] ReadFile (in: hFile=0x308, lpBuffer=0x12a12000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12a12000*, lpNumberOfBytesRead=0x12d89e80*=0x3d0, lpOverlapped=0x0) returned 1 [0096.639] GetFileType (hFile=0x308) returned 0x1 [0096.639] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.639] WriteFile (in: hFile=0x308, lpBuffer=0x128b2400*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x128b2400*, lpNumberOfBytesWritten=0x12d89e78*=0x3d0, lpOverlapped=0x0) returned 1 [0096.639] GetFileType (hFile=0x308) returned 0x1 [0096.639] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.639] SystemFunction036 (in: RandomBuffer=0x128c4901, RandomBufferLength=0x40 | out: RandomBuffer=0x128c4901) returned 1 [0096.639] WriteFile (in: hFile=0x308, lpBuffer=0x1288a6c8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a6c8*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.640] WriteFile (in: hFile=0x308, lpBuffer=0x128c4a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x128c4a00*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.640] CloseHandle (hObject=0x308) returned 1 [0096.653] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk.crypted"), dwFlags=0x1) returned 1 [0096.653] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk")) returned 0xffffffff [0096.654] GetQueuedCompletionStatusEx (in: CompletionPort=0x138, lpCompletionPortEntries=0x34a2fa04, ulCount=0x10, ulNumEntriesRemoved=0x34a2f9ec, dwMilliseconds=0x1f, fAlertable=0 | out: lpCompletionPortEntries=0x34a2fa04, ulNumEntriesRemoved=0x34a2f9ec) returned 0 [0096.770] WaitForSingleObject (hHandle=0x2ac, dwMilliseconds=0xffffffff) Thread: id = 37 os_tid = 0x6a4 [0094.659] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x34b6ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34b6ff28*=0x15c) returned 1 [0094.659] VirtualQuery (in: lpAddress=0x34b6ff38, lpBuffer=0x34b6ff38, dwLength=0x1c | out: lpBuffer=0x34b6ff38*(BaseAddress=0x34b6f000, AllocationBase=0x34a70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lozyaqy7oi.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12833c44 | out: lpFileInformation=0x12833c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cf82a40, ftCreationTime.dwHighDateTime=0x1d70722, ftLastAccessTime.dwLowDateTime=0xbb7c5510, ftLastAccessTime.dwHighDateTime=0x1d70881, ftLastWriteTime.dwLowDateTime=0xbb7c5510, ftLastWriteTime.dwHighDateTime=0x1d70881, nFileSizeHigh=0x0, nFileSizeLow=0x1574d)) returned 1 [0094.659] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lozyaqy7oi.bmp")) returned 0x20 [0094.659] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp", dwFileAttributes=0x20) returned 1 [0094.659] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lozyaqy7oi.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0094.659] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0x12833e88 | out: lpMode=0x12833e88) returned 0 [0094.659] GetFileType (hFile=0x1b8) returned 0x1 [0094.659] GetFileType (hFile=0x1b8) returned 0x1 [0094.659] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0094.659] ReadFile (in: hFile=0x1b8, lpBuffer=0x1298e36c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12833d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e36c*, lpNumberOfBytesRead=0x12833d14*=0x4, lpOverlapped=0x0) returned 1 [0094.660] SystemFunction036 (in: RandomBuffer=0x129a2ca8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2ca8) returned 1 [0094.660] SystemFunction036 (in: RandomBuffer=0x129a2cb8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a2cb8) returned 1 [0094.660] VirtualAlloc (lpAddress=0x129f6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129f6000 [0094.661] GetFileType (hFile=0x1b8) returned 0x1 [0094.661] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0094.661] ReadFile (in: hFile=0x1b8, lpBuffer=0x129f6000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12833e80, lpOverlapped=0x0 | out: lpBuffer=0x129f6000*, lpNumberOfBytesRead=0x12833e80*=0x4000, lpOverlapped=0x0) returned 1 [0094.661] VirtualAlloc (lpAddress=0x129fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x129fa000 [0094.661] GetFileType (hFile=0x1b8) returned 0x1 [0094.661] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0094.662] WriteFile (in: hFile=0x1b8, lpBuffer=0x129fa000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12833e78, lpOverlapped=0x0 | out: lpBuffer=0x129fa000*, lpNumberOfBytesWritten=0x12833e78*=0x4000, lpOverlapped=0x0) returned 1 [0094.662] GetFileType (hFile=0x1b8) returned 0x1 [0094.662] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12833e9c | out: lpNewFilePointer=0x0) returned 1 [0094.662] SystemFunction036 (in: RandomBuffer=0x129b9201, RandomBufferLength=0x40 | out: RandomBuffer=0x129b9201) returned 1 [0094.662] VirtualAlloc (lpAddress=0x12b80000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b80000 [0094.663] WriteFile (in: hFile=0x1b8, lpBuffer=0x1298e3c8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e3c8*, lpNumberOfBytesWritten=0x12833d88*=0x4, lpOverlapped=0x0) returned 1 [0094.663] WriteFile (in: hFile=0x1b8, lpBuffer=0x129b9300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12833d88, lpOverlapped=0x0 | out: lpBuffer=0x129b9300*, lpNumberOfBytesWritten=0x12833d88*=0x100, lpOverlapped=0x0) returned 1 [0094.663] CloseHandle (hObject=0x1b8) returned 1 [0094.679] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lozyaqy7oi.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lozyaqy7oi.bmp.crypted"), dwFlags=0x1) returned 1 [0096.091] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\lOzyAQY7oI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lozyaqy7oi.bmp")) returned 0xffffffff [0096.134] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x314 [0096.134] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c [0096.134] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0 [0096.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i-bk4yvgg1b.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe04e3b40, ftCreationTime.dwHighDateTime=0x1d70568, ftLastAccessTime.dwLowDateTime=0xd0fb4fb0, ftLastAccessTime.dwHighDateTime=0x1d70a19, ftLastWriteTime.dwLowDateTime=0xd0fb4fb0, ftLastWriteTime.dwHighDateTime=0x1d70a19, nFileSizeHigh=0x0, nFileSizeLow=0x2fe5)) returned 1 [0096.164] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i-bk4yvgg1b.rtf")) returned 0x20 [0096.165] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf", dwFileAttributes=0x20) returned 1 [0096.165] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i-bk4yvgg1b.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.165] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.165] GetFileType (hFile=0x308) returned 0x1 [0096.165] GetFileType (hFile=0x308) returned 0x1 [0096.165] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.165] ReadFile (in: hFile=0x308, lpBuffer=0x1288a40c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a40c*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.165] SystemFunction036 (in: RandomBuffer=0x12d17658, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17658) returned 1 [0096.165] SystemFunction036 (in: RandomBuffer=0x12d17668, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17668) returned 1 [0096.165] VirtualAlloc (lpAddress=0x12dea000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dea000 [0096.166] GetFileType (hFile=0x308) returned 0x1 [0096.166] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.166] ReadFile (in: hFile=0x308, lpBuffer=0x12dea000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12dea000*, lpNumberOfBytesRead=0x12d89e80*=0x2fe5, lpOverlapped=0x0) returned 1 [0096.166] VirtualAlloc (lpAddress=0x12dee000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dee000 [0096.167] GetFileType (hFile=0x308) returned 0x1 [0096.167] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.167] WriteFile (in: hFile=0x308, lpBuffer=0x12dee000*, nNumberOfBytesToWrite=0x2ff0, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12dee000*, lpNumberOfBytesWritten=0x12d89e78*=0x2ff0, lpOverlapped=0x0) returned 1 [0096.167] GetFileType (hFile=0x308) returned 0x1 [0096.167] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.167] SystemFunction036 (in: RandomBuffer=0x12d9fa01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9fa01) returned 1 [0096.167] VirtualAlloc (lpAddress=0x12df4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12df4000 [0096.168] WriteFile (in: hFile=0x308, lpBuffer=0x1288a468*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a468*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.168] WriteFile (in: hFile=0x308, lpBuffer=0x12d9fb00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9fb00*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.168] CloseHandle (hObject=0x308) returned 1 [0096.169] VirtualAlloc (lpAddress=0x12df6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12df6000 [0096.170] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i-bk4yvgg1b.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i-bk4yvgg1b.rtf.crypted"), dwFlags=0x1) returned 1 [0096.171] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\I-BK4YVGg1b.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i-bk4yvgg1b.rtf")) returned 0xffffffff [0096.171] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0 [0096.208] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0 [0096.221] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0 [0096.233] SetEvent (hEvent=0x2ec) returned 1 [0096.233] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos"), fInfoLevelId=0x0, lpFileInformation=0x12a4dc44 | out: lpFileInformation=0x12a4dc44*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.233] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x308 [0096.233] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0x12a4dbd0 | out: lpFileInformation=0x12a4dbd0) returned 1 [0096.233] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0x12a4dbc8, dwBufferSize=0x8 | out: lpFileInformation=0x12a4dbc8) returned 1 [0096.233] CloseHandle (hObject=0x308) returned 1 [0096.233] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos")) returned 0x2416 [0096.234] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos", dwFileAttributes=0x2416) returned 1 [0096.234] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0096.234] VirtualAlloc (lpAddress=0x12d6e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d6e000 [0096.235] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos\\*", lpFindFileData=0x12a4db9c | out: lpFindFileData=0x12a4db9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0096.235] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos")) returned 0x2416 [0096.235] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos", dwFileAttributes=0x2417) returned 1 [0096.235] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0 [0096.276] SetEvent (hEvent=0x2ec) returned 1 [0096.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), fInfoLevelId=0x0, lpFileInformation=0x12a4dc44 | out: lpFileInformation=0x12a4dc44*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878917cb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0096.276] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst")) returned 0x2020 [0096.276] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", dwFileAttributes=0x2020) returned 1 [0096.276] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.277] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12a4de88 | out: lpMode=0x12a4de88) returned 0 [0096.277] GetFileType (hFile=0x308) returned 0x1 [0096.277] GetFileType (hFile=0x308) returned 0x1 [0096.277] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.277] ReadFile (in: hFile=0x308, lpBuffer=0x128104bc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4dd14, lpOverlapped=0x0 | out: lpBuffer=0x128104bc*, lpNumberOfBytesRead=0x12a4dd14*=0x4, lpOverlapped=0x0) returned 1 [0096.278] SystemFunction036 (in: RandomBuffer=0x12817388, RandomBufferLength=0x10 | out: RandomBuffer=0x12817388) returned 1 [0096.278] SystemFunction036 (in: RandomBuffer=0x12817398, RandomBufferLength=0x10 | out: RandomBuffer=0x12817398) returned 1 [0096.278] VirtualAlloc (lpAddress=0x12d70000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d70000 [0096.279] GetFileType (hFile=0x308) returned 0x1 [0096.279] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.279] ReadFile (in: hFile=0x308, lpBuffer=0x12d70000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12d70000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0096.341] VirtualAlloc (lpAddress=0x12d74000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d74000 [0096.342] GetFileType (hFile=0x308) returned 0x1 [0096.342] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.342] WriteFile (in: hFile=0x308, lpBuffer=0x12d74000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12d74000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0096.342] GetFileType (hFile=0x308) returned 0x1 [0096.342] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.342] ReadFile (in: hFile=0x308, lpBuffer=0x12d70000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12d70000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0096.410] GetFileType (hFile=0x308) returned 0x1 [0096.410] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x8000, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.410] WriteFile (in: hFile=0x308, lpBuffer=0x12972000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12972000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0096.411] GetFileType (hFile=0x308) returned 0x1 [0096.411] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x14000, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.411] ReadFile (in: hFile=0x308, lpBuffer=0x12d70000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12d70000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0096.476] GetFileType (hFile=0x308) returned 0x1 [0096.476] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x14000, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.476] WriteFile (in: hFile=0x308, lpBuffer=0x12a00000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12a00000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0096.476] GetFileType (hFile=0x308) returned 0x1 [0096.476] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.476] SystemFunction036 (in: RandomBuffer=0x12a7fe01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7fe01) returned 1 [0096.476] WriteFile (in: hFile=0x308, lpBuffer=0x12810618*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12810618*, lpNumberOfBytesWritten=0x12a4dd88*=0x4, lpOverlapped=0x0) returned 1 [0096.534] WriteFile (in: hFile=0x308, lpBuffer=0x12a7ff00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7ff00*, lpNumberOfBytesWritten=0x12a4dd88*=0x100, lpOverlapped=0x0) returned 1 [0096.534] CloseHandle (hObject=0x308) returned 1 [0096.605] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0 [0096.619] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst.crypted"), dwFlags=0x1) returned 1 [0096.624] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst")) returned 0xffffffff [0096.624] SetEvent (hEvent=0x10c) returned 1 [0096.624] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) Thread: id = 38 os_tid = 0xd94 [0094.674] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x34caff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34caff28*=0x294) returned 1 [0094.674] VirtualQuery (in: lpAddress=0x34caff38, lpBuffer=0x34caff38, dwLength=0x1c | out: lpBuffer=0x34caff38*(BaseAddress=0x34caf000, AllocationBase=0x34bb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0094.674] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x298 [0094.674] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x29c [0094.674] WaitForSingleObject (hHandle=0x298, dwMilliseconds=0xffffffff) returned 0x0 [0095.010] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ocyk45ilz.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12865c44 | out: lpFileInformation=0x12865c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee2dde70, ftCreationTime.dwHighDateTime=0x1d7027d, ftLastAccessTime.dwLowDateTime=0x327db80, ftLastAccessTime.dwHighDateTime=0x1d70690, ftLastWriteTime.dwLowDateTime=0x327db80, ftLastWriteTime.dwHighDateTime=0x1d70690, nFileSizeHigh=0x0, nFileSizeLow=0x22a8)) returned 1 [0095.010] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ocyk45ilz.m4a")) returned 0x20 [0095.010] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a", dwFileAttributes=0x20) returned 1 [0095.010] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ocyk45ilz.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0095.011] GetConsoleMode (in: hConsoleHandle=0x220, lpMode=0x12865e88 | out: lpMode=0x12865e88) returned 0 [0095.011] GetFileType (hFile=0x220) returned 0x1 [0095.011] GetFileType (hFile=0x220) returned 0x1 [0095.011] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.011] ReadFile (in: hFile=0x220, lpBuffer=0x1298e4bc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12865d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e4bc*, lpNumberOfBytesRead=0x12865d14*=0x4, lpOverlapped=0x0) returned 1 [0095.011] SystemFunction036 (in: RandomBuffer=0x129a3478, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3478) returned 1 [0095.011] SystemFunction036 (in: RandomBuffer=0x129a3488, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3488) returned 1 [0095.011] VirtualAlloc (lpAddress=0x12b9a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b9a000 [0095.011] GetFileType (hFile=0x220) returned 0x1 [0095.011] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0095.011] ReadFile (in: hFile=0x220, lpBuffer=0x12b9a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12865e80, lpOverlapped=0x0 | out: lpBuffer=0x12b9a000*, lpNumberOfBytesRead=0x12865e80*=0x22a8, lpOverlapped=0x0) returned 1 [0095.011] VirtualAlloc (lpAddress=0x12b9e000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x12b9e000 [0095.012] GetFileType (hFile=0x220) returned 0x1 [0095.012] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0095.012] WriteFile (in: hFile=0x220, lpBuffer=0x12b9e000*, nNumberOfBytesToWrite=0x22b0, lpNumberOfBytesWritten=0x12865e78, lpOverlapped=0x0 | out: lpBuffer=0x12b9e000*, lpNumberOfBytesWritten=0x12865e78*=0x22b0, lpOverlapped=0x0) returned 1 [0095.012] GetFileType (hFile=0x220) returned 0x1 [0095.012] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0095.012] SystemFunction036 (in: RandomBuffer=0x129b9e01, RandomBufferLength=0x40 | out: RandomBuffer=0x129b9e01) returned 1 [0095.013] WriteFile (in: hFile=0x220, lpBuffer=0x1298e518*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e518*, lpNumberOfBytesWritten=0x12865d88*=0x4, lpOverlapped=0x0) returned 1 [0095.013] VirtualAlloc (lpAddress=0x12bac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bac000 [0095.013] WriteFile (in: hFile=0x220, lpBuffer=0x129b9f00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x129b9f00*, lpNumberOfBytesWritten=0x12865d88*=0x100, lpOverlapped=0x0) returned 1 [0095.013] CloseHandle (hObject=0x220) returned 1 [0095.036] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ocyk45ilz.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ocyk45ilz.m4a.crypted"), dwFlags=0x1) returned 1 [0096.792] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\oCYK45iLz.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ocyk45ilz.m4a")) returned 0xffffffff [0096.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\3dhmcvhrkomlcjnnzvmn.m4a"), fInfoLevelId=0x0, lpFileInformation=0x12865c44 | out: lpFileInformation=0x12865c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8eec970, ftCreationTime.dwHighDateTime=0x1d6fbf7, ftLastAccessTime.dwLowDateTime=0x4ed57740, ftLastAccessTime.dwHighDateTime=0x1d6fe11, ftLastWriteTime.dwLowDateTime=0x4ed57740, ftLastWriteTime.dwHighDateTime=0x1d6fe11, nFileSizeHigh=0x0, nFileSizeLow=0x14859)) returned 1 [0096.834] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\3dhmcvhrkomlcjnnzvmn.m4a")) returned 0x20 [0096.834] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a", dwFileAttributes=0x20) returned 1 [0096.835] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\3dhmcvhrkomlcjnnzvmn.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0096.835] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0x12865e88 | out: lpMode=0x12865e88) returned 0 [0096.835] GetFileType (hFile=0x2c4) returned 0x1 [0096.835] GetFileType (hFile=0x2c4) returned 0x1 [0096.835] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.835] ReadFile (in: hFile=0x2c4, lpBuffer=0x128106f4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12865d14, lpOverlapped=0x0 | out: lpBuffer=0x128106f4*, lpNumberOfBytesRead=0x12865d14*=0x4, lpOverlapped=0x0) returned 1 [0096.835] SystemFunction036 (in: RandomBuffer=0x12817c98, RandomBufferLength=0x10 | out: RandomBuffer=0x12817c98) returned 1 [0096.835] SystemFunction036 (in: RandomBuffer=0x12817ca8, RandomBufferLength=0x10 | out: RandomBuffer=0x12817ca8) returned 1 [0096.835] GetFileType (hFile=0x2c4) returned 0x1 [0096.835] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0096.835] ReadFile (in: hFile=0x2c4, lpBuffer=0x12b32000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12865e80, lpOverlapped=0x0 | out: lpBuffer=0x12b32000*, lpNumberOfBytesRead=0x12865e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.836] GetFileType (hFile=0x2c4) returned 0x1 [0096.836] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0096.836] WriteFile (in: hFile=0x2c4, lpBuffer=0x12b36000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12865e78, lpOverlapped=0x0 | out: lpBuffer=0x12b36000*, lpNumberOfBytesWritten=0x12865e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.836] GetFileType (hFile=0x2c4) returned 0x1 [0096.836] SetFilePointerEx (in: hFile=0x2c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12865e9c | out: lpNewFilePointer=0x0) returned 1 [0096.836] SystemFunction036 (in: RandomBuffer=0x1295e801, RandomBufferLength=0x40 | out: RandomBuffer=0x1295e801) returned 1 [0096.836] WriteFile (in: hFile=0x2c4, lpBuffer=0x12810750*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x12810750*, lpNumberOfBytesWritten=0x12865d88*=0x4, lpOverlapped=0x0) returned 1 [0096.836] WriteFile (in: hFile=0x2c4, lpBuffer=0x1295e900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12865d88, lpOverlapped=0x0 | out: lpBuffer=0x1295e900*, lpNumberOfBytesWritten=0x12865d88*=0x100, lpOverlapped=0x0) returned 1 [0096.837] CloseHandle (hObject=0x2c4) returned 1 [0096.839] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\3dhmcvhrkomlcjnnzvmn.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\3dhmcvhrkomlcjnnzvmn.m4a.crypted"), dwFlags=0x1) returned 1 [0096.840] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\LCvg4MHIIDFXE5UG\\3DHMCVhrKOMLCJNnzVMN.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\lcvg4mhiidfxe5ug\\3dhmcvhrkomlcjnnzvmn.m4a")) returned 0xffffffff [0096.840] WaitForSingleObject (hHandle=0x298, dwMilliseconds=0xffffffff) returned 0x0 [0096.885] SetEvent (hEvent=0x190) returned 1 [0096.885] WaitForSingleObject (hHandle=0x298, dwMilliseconds=0xffffffff) returned 0x0 [0096.975] WaitForSingleObject (hHandle=0x298, dwMilliseconds=0xffffffff) Thread: id = 39 os_tid = 0x109c [0095.081] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x34e2ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34e2ff28*=0x2b0) returned 1 [0095.081] VirtualQuery (in: lpAddress=0x34e2ff38, lpBuffer=0x34e2ff38, dwLength=0x1c | out: lpBuffer=0x34e2ff38*(BaseAddress=0x34e2f000, AllocationBase=0x34d30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0095.081] SetEvent (hEvent=0x1f8) returned 1 [0095.081] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0095.081] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8 [0095.081] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.084] SetEvent (hEvent=0x1ec) returned 1 [0095.084] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.112] SetEvent (hEvent=0xfc) returned 1 [0095.112] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.134] SetEvent (hEvent=0x1e4) returned 1 [0095.134] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.156] SetEvent (hEvent=0x118) returned 1 [0095.156] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.185] SetEvent (hEvent=0x1d0) returned 1 [0095.185] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.188] SetEvent (hEvent=0x218) returned 1 [0095.188] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.190] SetEvent (hEvent=0x16c) returned 1 [0095.190] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.193] SetEvent (hEvent=0xfc) returned 1 [0095.193] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.212] SetEvent (hEvent=0x1f8) returned 1 [0095.212] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.393] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.407] SetEvent (hEvent=0x218) returned 1 [0095.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\njyrymxv9.xls"), fInfoLevelId=0x0, lpFileInformation=0x12b2dc44 | out: lpFileInformation=0x12b2dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecfbba50, ftCreationTime.dwHighDateTime=0x1d709c0, ftLastAccessTime.dwLowDateTime=0x84ebfee0, ftLastAccessTime.dwHighDateTime=0x1d70a27, ftLastWriteTime.dwLowDateTime=0x84ebfee0, ftLastWriteTime.dwHighDateTime=0x1d70a27, nFileSizeHigh=0x0, nFileSizeLow=0x7af5)) returned 1 [0095.407] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\njyrymxv9.xls")) returned 0x20 [0095.408] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls", dwFileAttributes=0x20) returned 1 [0095.408] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\NJYrymxV9.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\njyrymxv9.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x30c [0095.408] GetConsoleMode (in: hConsoleHandle=0x30c, lpMode=0x12b2de88 | out: lpMode=0x12b2de88) returned 0 [0095.408] GetFileType (hFile=0x30c) returned 0x1 [0095.408] GetFileType (hFile=0x30c) returned 0x1 [0095.408] SetFilePointerEx (in: hFile=0x30c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12b2de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.408] ReadFile (in: hFile=0x30c, lpBuffer=0x1298e830, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12b2dd14, lpOverlapped=0x0 | out: lpBuffer=0x1298e830*, lpNumberOfBytesRead=0x12b2dd14*=0x4, lpOverlapped=0x0) returned 1 [0095.408] SystemFunction036 (in: RandomBuffer=0x12be4578, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4578) returned 1 [0095.408] SystemFunction036 (in: RandomBuffer=0x12be4588, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4588) returned 1 [0095.408] VirtualAlloc (lpAddress=0x12d80000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d80000 [0095.409] SetEvent (hEvent=0x20c) returned 1 [0095.409] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.441] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.442] SetEvent (hEvent=0x218) returned 1 [0095.442] SetEvent (hEvent=0x20c) returned 1 [0095.442] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.500] SetEvent (hEvent=0x200) returned 1 [0095.500] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.530] SetEvent (hEvent=0x20c) returned 1 [0095.530] SetEvent (hEvent=0x200) returned 1 [0095.530] GetFileType (hFile=0x314) returned 0x1 [0095.530] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1293ee9c | out: lpNewFilePointer=0x0) returned 1 [0095.530] ReadFile (in: hFile=0x314, lpBuffer=0x12ca4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x1293ee80, lpOverlapped=0x0 | out: lpBuffer=0x12ca4000*, lpNumberOfBytesRead=0x1293ee80*=0x1707, lpOverlapped=0x0) returned 1 [0095.530] VirtualAlloc (lpAddress=0x12ca8000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ca8000 [0095.531] GetFileType (hFile=0x314) returned 0x1 [0095.531] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1293ee9c | out: lpNewFilePointer=0x0) returned 1 [0095.531] WriteFile (in: hFile=0x314, lpBuffer=0x12ca8000*, nNumberOfBytesToWrite=0x1710, lpNumberOfBytesWritten=0x1293ee78, lpOverlapped=0x0 | out: lpBuffer=0x12ca8000*, lpNumberOfBytesWritten=0x1293ee78*=0x1710, lpOverlapped=0x0) returned 1 [0095.531] GetFileType (hFile=0x314) returned 0x1 [0095.531] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x1293ee9c | out: lpNewFilePointer=0x0) returned 1 [0095.531] SystemFunction036 (in: RandomBuffer=0x12b52001, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52001) returned 1 [0095.532] WriteFile (in: hFile=0x314, lpBuffer=0x1298e058*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6dd88, lpOverlapped=0x0 | out: lpBuffer=0x1298e058*, lpNumberOfBytesWritten=0x12a6dd88*=0x4, lpOverlapped=0x0) returned 1 [0095.532] WriteFile (in: hFile=0x314, lpBuffer=0x12b52100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6dd88, lpOverlapped=0x0 | out: lpBuffer=0x12b52100*, lpNumberOfBytesWritten=0x12a6dd88*=0x100, lpOverlapped=0x0) returned 1 [0095.532] CloseHandle (hObject=0x314) returned 1 [0095.533] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\ost7kwbxlqq8wj.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\ost7kwbxlqq8wj.pps.crypted"), dwFlags=0x1) returned 1 [0095.533] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\OsT7kWbXlqq8WJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\ost7kwbxlqq8wj.pps")) returned 0xffffffff [0095.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\yyikjg13sntmwkdth3.csv"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae9b1a80, ftCreationTime.dwHighDateTime=0x1d6fbd3, ftLastAccessTime.dwLowDateTime=0xa1d8d230, ftLastAccessTime.dwHighDateTime=0x1d705e5, ftLastWriteTime.dwLowDateTime=0xa1d8d230, ftLastWriteTime.dwHighDateTime=0x1d705e5, nFileSizeHigh=0x0, nFileSizeLow=0xab2f)) returned 1 [0095.533] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\yyikjg13sntmwkdth3.csv")) returned 0x20 [0095.534] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv", dwFileAttributes=0x20) returned 1 [0095.534] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\yyikjg13sntmwkdth3.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0095.534] GetConsoleMode (in: hConsoleHandle=0x314, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.534] GetFileType (hFile=0x314) returned 0x1 [0095.534] GetFileType (hFile=0x314) returned 0x1 [0095.534] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.534] ReadFile (in: hFile=0x314, lpBuffer=0x1298e060, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e060*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.534] SystemFunction036 (in: RandomBuffer=0x12be41b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be41b8) returned 1 [0095.534] SystemFunction036 (in: RandomBuffer=0x12be41c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be41c8) returned 1 [0095.534] GetFileType (hFile=0x314) returned 0x1 [0095.534] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.534] ReadFile (in: hFile=0x314, lpBuffer=0x12c00000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12c00000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.535] GetFileType (hFile=0x314) returned 0x1 [0095.535] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.535] WriteFile (in: hFile=0x314, lpBuffer=0x12c04000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12c04000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.535] GetFileType (hFile=0x314) returned 0x1 [0095.535] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.535] SystemFunction036 (in: RandomBuffer=0x12b52301, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52301) returned 1 [0095.535] WriteFile (in: hFile=0x314, lpBuffer=0x1298e0bc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e0bc*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.536] WriteFile (in: hFile=0x314, lpBuffer=0x12b52400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12b52400*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.536] CloseHandle (hObject=0x314) returned 1 [0095.537] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\yyikjg13sntmwkdth3.csv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\yyikjg13sntmwkdth3.csv.crypted"), dwFlags=0x1) returned 1 [0095.538] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\YYIkjg13SNtmwKdTH3.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\yyikjg13sntmwkdth3.csv")) returned 0xffffffff [0095.538] SwitchToThread () returned 1 [0095.548] VirtualAlloc (lpAddress=0x12cae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cae000 [0095.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\wmdqkoe85durhave.pps"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed17ebf0, ftCreationTime.dwHighDateTime=0x1d6ff9b, ftLastAccessTime.dwLowDateTime=0x6bf3b860, ftLastAccessTime.dwHighDateTime=0x1d701b2, ftLastWriteTime.dwLowDateTime=0x6bf3b860, ftLastWriteTime.dwHighDateTime=0x1d701b2, nFileSizeHigh=0x0, nFileSizeLow=0x77dd)) returned 1 [0095.549] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\wmdqkoe85durhave.pps")) returned 0x20 [0095.549] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps", dwFileAttributes=0x20) returned 1 [0095.549] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\wmdqkoe85durhave.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0095.549] GetConsoleMode (in: hConsoleHandle=0x314, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.549] GetFileType (hFile=0x314) returned 0x1 [0095.549] GetFileType (hFile=0x314) returned 0x1 [0095.549] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.549] ReadFile (in: hFile=0x314, lpBuffer=0x1298e0c4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e0c4*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.549] SystemFunction036 (in: RandomBuffer=0x12be42f8, RandomBufferLength=0x10 | out: RandomBuffer=0x12be42f8) returned 1 [0095.549] SystemFunction036 (in: RandomBuffer=0x12be4308, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4308) returned 1 [0095.549] VirtualAlloc (lpAddress=0x12cb0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cb0000 [0095.550] GetFileType (hFile=0x314) returned 0x1 [0095.550] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.550] ReadFile (in: hFile=0x314, lpBuffer=0x12cb0000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12cb0000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.550] VirtualAlloc (lpAddress=0x12cb4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cb4000 [0095.551] GetFileType (hFile=0x314) returned 0x1 [0095.551] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.551] WriteFile (in: hFile=0x314, lpBuffer=0x12cb4000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12cb4000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.551] GetFileType (hFile=0x314) returned 0x1 [0095.551] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.551] SystemFunction036 (in: RandomBuffer=0x12b52601, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52601) returned 1 [0095.551] WriteFile (in: hFile=0x314, lpBuffer=0x1298e120*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e120*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.552] WriteFile (in: hFile=0x314, lpBuffer=0x12b52700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12b52700*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.552] CloseHandle (hObject=0x314) returned 1 [0095.553] VirtualAlloc (lpAddress=0x12cb8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cb8000 [0095.553] VirtualAlloc (lpAddress=0x12cba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cba000 [0095.554] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\wmdqkoe85durhave.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\wmdqkoe85durhave.pps.crypted"), dwFlags=0x1) returned 1 [0095.554] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\WmDqkoE85dUrhaVe.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\wmdqkoe85durhave.pps")) returned 0xffffffff [0095.555] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.587] VirtualFree (lpAddress=0x12d04000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.587] PostQueuedCompletionStatus (CompletionPort=0x138, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0095.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\bnvbm12zp88xhuwaaev.docx"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8765add0, ftCreationTime.dwHighDateTime=0x1d7082c, ftLastAccessTime.dwLowDateTime=0x55ee1a30, ftLastAccessTime.dwHighDateTime=0x1d70881, ftLastWriteTime.dwLowDateTime=0x55ee1a30, ftLastWriteTime.dwHighDateTime=0x1d70881, nFileSizeHigh=0x0, nFileSizeLow=0x11216)) returned 1 [0095.588] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\bnvbm12zp88xhuwaaev.docx")) returned 0x20 [0095.588] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx", dwFileAttributes=0x20) returned 1 [0095.588] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\bnvbm12zp88xhuwaaev.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.588] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.588] GetFileType (hFile=0x310) returned 0x1 [0095.588] GetFileType (hFile=0x310) returned 0x1 [0095.588] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.588] ReadFile (in: hFile=0x310, lpBuffer=0x1298e128, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e128*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.588] SystemFunction036 (in: RandomBuffer=0x12be4438, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4438) returned 1 [0095.588] SystemFunction036 (in: RandomBuffer=0x12be4448, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4448) returned 1 [0095.588] VirtualAlloc (lpAddress=0x12cbc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cbc000 [0095.589] GetFileType (hFile=0x310) returned 0x1 [0095.589] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.589] ReadFile (in: hFile=0x310, lpBuffer=0x12cbc000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12cbc000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.589] VirtualAlloc (lpAddress=0x12cc0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cc0000 [0095.592] GetFileType (hFile=0x310) returned 0x1 [0095.592] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.592] WriteFile (in: hFile=0x310, lpBuffer=0x12cc0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12cc0000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.593] GetFileType (hFile=0x310) returned 0x1 [0095.593] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.593] SystemFunction036 (in: RandomBuffer=0x12b52901, RandomBufferLength=0x40 | out: RandomBuffer=0x12b52901) returned 1 [0095.593] VirtualAlloc (lpAddress=0x12cc4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cc4000 [0095.593] WriteFile (in: hFile=0x310, lpBuffer=0x1298e184*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e184*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.594] WriteFile (in: hFile=0x310, lpBuffer=0x12b52a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12b52a00*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.594] CloseHandle (hObject=0x310) returned 1 [0095.596] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\bnvbm12zp88xhuwaaev.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\bnvbm12zp88xhuwaaev.docx.crypted"), dwFlags=0x1) returned 1 [0095.597] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\0T-Vkj2\\kHLccXDGcWmzYVg9CD\\bNvBM12ZP88xhuWaAeV.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\0t-vkj2\\khlccxdgcwmzyvg9cd\\bnvbm12zp88xhuwaaev.docx")) returned 0xffffffff [0095.597] VirtualFree (lpAddress=0x12d02000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.597] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.640] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.675] SetEvent (hEvent=0x200) returned 1 [0095.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\-3h43 g4.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee3e0e10, ftCreationTime.dwHighDateTime=0x1d7025c, ftLastAccessTime.dwLowDateTime=0x26b623e0, ftLastAccessTime.dwHighDateTime=0x1d708b6, ftLastWriteTime.dwLowDateTime=0x26b623e0, ftLastWriteTime.dwHighDateTime=0x1d708b6, nFileSizeHigh=0x0, nFileSizeLow=0x5872)) returned 1 [0095.675] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\-3h43 g4.rtf")) returned 0x20 [0095.676] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf", dwFileAttributes=0x20) returned 1 [0095.676] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\-3h43 g4.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.676] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0095.676] GetFileType (hFile=0x310) returned 0x1 [0095.676] GetFileType (hFile=0x310) returned 0x1 [0095.676] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.676] ReadFile (in: hFile=0x310, lpBuffer=0x1288a194, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a194*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0095.676] SystemFunction036 (in: RandomBuffer=0x12d16e38, RandomBufferLength=0x10 | out: RandomBuffer=0x12d16e38) returned 1 [0095.676] SystemFunction036 (in: RandomBuffer=0x12d16e48, RandomBufferLength=0x10 | out: RandomBuffer=0x12d16e48) returned 1 [0095.676] VirtualAlloc (lpAddress=0x12dac000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dac000 [0095.677] GetFileType (hFile=0x310) returned 0x1 [0095.677] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.677] ReadFile (in: hFile=0x310, lpBuffer=0x12dac000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12dac000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.677] VirtualAlloc (lpAddress=0x12db0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12db0000 [0095.678] GetFileType (hFile=0x310) returned 0x1 [0095.678] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.678] WriteFile (in: hFile=0x310, lpBuffer=0x12db0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12db0000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.678] GetFileType (hFile=0x310) returned 0x1 [0095.678] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.678] SystemFunction036 (in: RandomBuffer=0x12d9e301, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9e301) returned 1 [0095.679] WriteFile (in: hFile=0x310, lpBuffer=0x1288a1f0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a1f0*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0095.679] WriteFile (in: hFile=0x310, lpBuffer=0x12d9e400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9e400*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0095.679] CloseHandle (hObject=0x310) returned 1 [0095.680] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\-3h43 g4.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\-3h43 g4.rtf.crypted"), dwFlags=0x1) returned 1 [0095.681] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\-3H43 g4.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\-3h43 g4.rtf")) returned 0xffffffff [0095.681] VirtualFree (lpAddress=0x12c9e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.681] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.748] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.784] SetEvent (hEvent=0x20c) returned 1 [0095.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\kyrmv4s.odt"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c57f930, ftCreationTime.dwHighDateTime=0x1d6facc, ftLastAccessTime.dwLowDateTime=0x5359fbc0, ftLastAccessTime.dwHighDateTime=0x1d6ffc3, ftLastWriteTime.dwLowDateTime=0x5359fbc0, ftLastWriteTime.dwHighDateTime=0x1d6ffc3, nFileSizeHigh=0x0, nFileSizeLow=0x99fc)) returned 1 [0095.784] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\kyrmv4s.odt")) returned 0x20 [0095.784] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt", dwFileAttributes=0x20) returned 1 [0095.784] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\kyrmv4s.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0095.784] GetConsoleMode (in: hConsoleHandle=0x310, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0095.784] GetFileType (hFile=0x310) returned 0x1 [0095.785] GetFileType (hFile=0x310) returned 0x1 [0095.785] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.785] ReadFile (in: hFile=0x310, lpBuffer=0x1288a25c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a25c*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0095.785] SystemFunction036 (in: RandomBuffer=0x12d170b8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d170b8) returned 1 [0095.785] SystemFunction036 (in: RandomBuffer=0x12d170c8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d170c8) returned 1 [0095.785] VirtualAlloc (lpAddress=0x12dbc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dbc000 [0095.785] GetFileType (hFile=0x310) returned 0x1 [0095.785] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.785] ReadFile (in: hFile=0x310, lpBuffer=0x12dbc000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12dbc000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.789] VirtualAlloc (lpAddress=0x12dc0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dc0000 [0095.790] GetFileType (hFile=0x310) returned 0x1 [0095.790] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.790] WriteFile (in: hFile=0x310, lpBuffer=0x12dc0000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12dc0000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.790] GetFileType (hFile=0x310) returned 0x1 [0095.790] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0095.790] SystemFunction036 (in: RandomBuffer=0x12d9e901, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9e901) returned 1 [0095.790] VirtualAlloc (lpAddress=0x12dc4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dc4000 [0095.791] WriteFile (in: hFile=0x310, lpBuffer=0x1288a2b8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a2b8*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0095.791] WriteFile (in: hFile=0x310, lpBuffer=0x12d9ea00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9ea00*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0095.791] CloseHandle (hObject=0x310) returned 1 [0095.793] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\kyrmv4s.odt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\kyrmv4s.odt.crypted"), dwFlags=0x1) returned 1 [0095.793] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\Kyrmv4S.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\kyrmv4s.odt")) returned 0xffffffff [0095.794] SetEvent (hEvent=0x200) returned 1 [0095.794] VirtualFree (lpAddress=0x12c96000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.794] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.871] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.963] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0095.983] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0096.008] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0096.021] SetEvent (hEvent=0xfc) returned 1 [0096.021] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\kaenbpasaqqv.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12a4dc44 | out: lpFileInformation=0x12a4dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b242bd0, ftCreationTime.dwHighDateTime=0x1d6fef8, ftLastAccessTime.dwLowDateTime=0x80b01910, ftLastAccessTime.dwHighDateTime=0x1d70207, ftLastWriteTime.dwLowDateTime=0x80b01910, ftLastWriteTime.dwHighDateTime=0x1d70207, nFileSizeHigh=0x0, nFileSizeLow=0x10cb9)) returned 1 [0096.021] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\kaenbpasaqqv.xlsx")) returned 0x20 [0096.021] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx", dwFileAttributes=0x20) returned 1 [0096.022] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\kaenbpasaqqv.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0096.022] GetConsoleMode (in: hConsoleHandle=0x2ac, lpMode=0x12a4de88 | out: lpMode=0x12a4de88) returned 0 [0096.022] GetFileType (hFile=0x2ac) returned 0x1 [0096.022] GetFileType (hFile=0x2ac) returned 0x1 [0096.022] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.022] ReadFile (in: hFile=0x2ac, lpBuffer=0x1281037c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4dd14, lpOverlapped=0x0 | out: lpBuffer=0x1281037c*, lpNumberOfBytesRead=0x12a4dd14*=0x4, lpOverlapped=0x0) returned 1 [0096.022] SystemFunction036 (in: RandomBuffer=0x12816b18, RandomBufferLength=0x10 | out: RandomBuffer=0x12816b18) returned 1 [0096.022] SystemFunction036 (in: RandomBuffer=0x12816b28, RandomBufferLength=0x10 | out: RandomBuffer=0x12816b28) returned 1 [0096.022] VirtualAlloc (lpAddress=0x12d4e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d4e000 [0096.023] GetFileType (hFile=0x2ac) returned 0x1 [0096.023] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.023] ReadFile (in: hFile=0x2ac, lpBuffer=0x12d4e000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12d4e000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0096.023] VirtualAlloc (lpAddress=0x12d52000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d52000 [0096.024] GetFileType (hFile=0x2ac) returned 0x1 [0096.024] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.024] WriteFile (in: hFile=0x2ac, lpBuffer=0x12d52000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12d52000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0096.024] GetFileType (hFile=0x2ac) returned 0x1 [0096.024] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.024] SystemFunction036 (in: RandomBuffer=0x12a7ec01, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7ec01) returned 1 [0096.024] VirtualAlloc (lpAddress=0x12d56000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d56000 [0096.025] WriteFile (in: hFile=0x2ac, lpBuffer=0x128103d8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x128103d8*, lpNumberOfBytesWritten=0x12a4dd88*=0x4, lpOverlapped=0x0) returned 1 [0096.025] WriteFile (in: hFile=0x2ac, lpBuffer=0x12a7ed00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7ed00*, lpNumberOfBytesWritten=0x12a4dd88*=0x100, lpOverlapped=0x0) returned 1 [0096.025] CloseHandle (hObject=0x2ac) returned 1 [0096.028] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\kaenbpasaqqv.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\kaenbpasaqqv.xlsx.crypted"), dwFlags=0x1) returned 1 [0096.029] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\kaeNBPAsAQQV.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\kaenbpasaqqv.xlsx")) returned 0xffffffff [0096.029] SetEvent (hEvent=0x28c) returned 1 [0096.029] VirtualFree (lpAddress=0x12c8c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.029] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) Thread: id = 40 os_tid = 0x1010 [0095.083] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x34f6ff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34f6ff28*=0x240) returned 1 [0095.084] VirtualQuery (in: lpAddress=0x34f6ff38, lpBuffer=0x34f6ff38, dwLength=0x1c | out: lpBuffer=0x34f6ff38*(BaseAddress=0x34f6f000, AllocationBase=0x34e70000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0095.084] SetEvent (hEvent=0x20c) returned 1 [0095.084] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2bc [0095.084] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c0 [0095.084] WaitForSingleObject (hHandle=0x2bc, dwMilliseconds=0xffffffff) returned 0x0 [0095.112] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vff9hhkjapnckqxy4a.bmp"), fInfoLevelId=0x0, lpFileInformation=0x12a23c44 | out: lpFileInformation=0x12a23c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x432646b0, ftCreationTime.dwHighDateTime=0x1d7004e, ftLastAccessTime.dwLowDateTime=0x9a8a96f0, ftLastAccessTime.dwHighDateTime=0x1d70a34, ftLastWriteTime.dwLowDateTime=0x9a8a96f0, ftLastWriteTime.dwHighDateTime=0x1d70a34, nFileSizeHigh=0x0, nFileSizeLow=0x1825f)) returned 1 [0095.112] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vff9hhkjapnckqxy4a.bmp")) returned 0x20 [0095.112] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp", dwFileAttributes=0x20) returned 1 [0095.112] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vff9hhkjapnckqxy4a.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0095.112] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0x12a23e88 | out: lpMode=0x12a23e88) returned 0 [0095.112] GetFileType (hFile=0x2d8) returned 0x1 [0095.112] VirtualAlloc (lpAddress=0x12bb0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bb0000 [0095.113] GetFileType (hFile=0x2d8) returned 0x1 [0095.113] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.113] ReadFile (in: hFile=0x2d8, lpBuffer=0x1298e544, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a23d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e544*, lpNumberOfBytesRead=0x12a23d14*=0x4, lpOverlapped=0x0) returned 1 [0095.113] SystemFunction036 (in: RandomBuffer=0x129a35b8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a35b8) returned 1 [0095.113] SystemFunction036 (in: RandomBuffer=0x129a35c8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a35c8) returned 1 [0095.113] VirtualAlloc (lpAddress=0x12bb2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bb2000 [0095.113] GetFileType (hFile=0x2d8) returned 0x1 [0095.113] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0095.113] ReadFile (in: hFile=0x2d8, lpBuffer=0x12bb2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a23e80, lpOverlapped=0x0 | out: lpBuffer=0x12bb2000*, lpNumberOfBytesRead=0x12a23e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.114] VirtualAlloc (lpAddress=0x12bb6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bb6000 [0095.114] GetFileType (hFile=0x2d8) returned 0x1 [0095.114] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0095.114] WriteFile (in: hFile=0x2d8, lpBuffer=0x12bb6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a23e78, lpOverlapped=0x0 | out: lpBuffer=0x12bb6000*, lpNumberOfBytesWritten=0x12a23e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.114] GetFileType (hFile=0x2d8) returned 0x1 [0095.115] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0095.115] SystemFunction036 (in: RandomBuffer=0x12bac101, RandomBufferLength=0x40 | out: RandomBuffer=0x12bac101) returned 1 [0095.115] VirtualAlloc (lpAddress=0x12bba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bba000 [0095.115] WriteFile (in: hFile=0x2d8, lpBuffer=0x1298e5a0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e5a0*, lpNumberOfBytesWritten=0x12a23d88*=0x4, lpOverlapped=0x0) returned 1 [0095.116] WriteFile (in: hFile=0x2d8, lpBuffer=0x12bac200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x12bac200*, lpNumberOfBytesWritten=0x12a23d88*=0x100, lpOverlapped=0x0) returned 1 [0095.116] CloseHandle (hObject=0x2d8) returned 1 [0095.155] WaitForSingleObject (hHandle=0x2bc, dwMilliseconds=0xffffffff) returned 0x0 [0095.190] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vff9hhkjapnckqxy4a.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vff9hhkjapnckqxy4a.bmp.crypted"), dwFlags=0x1) returned 1 [0097.031] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\vfF9hHKjAPNcKqxY4A.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\vff9hhkjapnckqxy4a.bmp")) returned 0xffffffff [0097.076] SetEvent (hEvent=0x1e4) returned 1 [0097.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\sykso4.wav"), fInfoLevelId=0x0, lpFileInformation=0x12a23c44 | out: lpFileInformation=0x12a23c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eda79c0, ftCreationTime.dwHighDateTime=0x1d702c6, ftLastAccessTime.dwLowDateTime=0x777c46e0, ftLastAccessTime.dwHighDateTime=0x1d702d2, ftLastWriteTime.dwLowDateTime=0x777c46e0, ftLastWriteTime.dwHighDateTime=0x1d702d2, nFileSizeHigh=0x0, nFileSizeLow=0x11e0d)) returned 1 [0097.077] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\sykso4.wav")) returned 0x20 [0097.077] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav", dwFileAttributes=0x20) returned 1 [0097.077] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\sykso4.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0097.077] GetConsoleMode (in: hConsoleHandle=0x2f8, lpMode=0x12a23e88 | out: lpMode=0x12a23e88) returned 0 [0097.077] GetFileType (hFile=0x2f8) returned 0x1 [0097.077] GetFileType (hFile=0x2f8) returned 0x1 [0097.077] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.077] ReadFile (in: hFile=0x2f8, lpBuffer=0x1288a7b0, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a23d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a7b0*, lpNumberOfBytesRead=0x12a23d14*=0x4, lpOverlapped=0x0) returned 1 [0097.077] SystemFunction036 (in: RandomBuffer=0x12930258, RandomBufferLength=0x10 | out: RandomBuffer=0x12930258) returned 1 [0097.077] SystemFunction036 (in: RandomBuffer=0x12930268, RandomBufferLength=0x10 | out: RandomBuffer=0x12930268) returned 1 [0097.077] GetFileType (hFile=0x2f8) returned 0x1 [0097.077] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.078] ReadFile (in: hFile=0x2f8, lpBuffer=0x12a2a000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a23e80, lpOverlapped=0x0 | out: lpBuffer=0x12a2a000*, lpNumberOfBytesRead=0x12a23e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.078] GetFileType (hFile=0x2f8) returned 0x1 [0097.078] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.078] WriteFile (in: hFile=0x2f8, lpBuffer=0x12a2e000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a23e78, lpOverlapped=0x0 | out: lpBuffer=0x12a2e000*, lpNumberOfBytesWritten=0x12a23e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.078] GetFileType (hFile=0x2f8) returned 0x1 [0097.078] SetFilePointerEx (in: hFile=0x2f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.078] SystemFunction036 (in: RandomBuffer=0x128c4f01, RandomBufferLength=0x40 | out: RandomBuffer=0x128c4f01) returned 1 [0097.079] WriteFile (in: hFile=0x2f8, lpBuffer=0x1288a80c*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a80c*, lpNumberOfBytesWritten=0x12a23d88*=0x4, lpOverlapped=0x0) returned 1 [0097.079] WriteFile (in: hFile=0x2f8, lpBuffer=0x128c5000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x128c5000*, lpNumberOfBytesWritten=0x12a23d88*=0x100, lpOverlapped=0x0) returned 1 [0097.079] CloseHandle (hObject=0x2f8) returned 1 [0097.081] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\sykso4.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\sykso4.wav.crypted"), dwFlags=0x1) returned 1 [0097.082] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R2RbR0boE5Lx2X\\7Wh9AxLTsfU1o4fqG\\yCJwtHQtWZDZ3t2yyS\\sykSo4.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r2rbr0boe5lx2x\\7wh9axltsfu1o4fqg\\ycjwthqtwzdz3t2yys\\sykso4.wav")) returned 0xffffffff [0097.082] VirtualFree (lpAddress=0x12c3a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.082] WaitForSingleObject (hHandle=0x2bc, dwMilliseconds=0xffffffff) Thread: id = 41 os_tid = 0x6b0 [0095.098] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x350aff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x350aff28*=0x2c8) returned 1 [0095.098] VirtualQuery (in: lpAddress=0x350aff38, lpBuffer=0x350aff38, dwLength=0x1c | out: lpBuffer=0x350aff38*(BaseAddress=0x350af000, AllocationBase=0x34fb0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0095.098] SetEvent (hEvent=0x1dc) returned 1 [0095.098] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2cc [0095.098] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2d0 [0095.098] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0095.111] SetEvent (hEvent=0x218) returned 1 [0095.112] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0095.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\stbubxbe6y6z4niqjh2c.avi"), fInfoLevelId=0x0, lpFileInformation=0x129d1c44 | out: lpFileInformation=0x129d1c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64b8d8d0, ftCreationTime.dwHighDateTime=0x1d6ff84, ftLastAccessTime.dwLowDateTime=0xe2ab2070, ftLastAccessTime.dwHighDateTime=0x1d7021a, ftLastWriteTime.dwLowDateTime=0xe2ab2070, ftLastWriteTime.dwHighDateTime=0x1d7021a, nFileSizeHigh=0x0, nFileSizeLow=0x25c3)) returned 1 [0095.137] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\stbubxbe6y6z4niqjh2c.avi")) returned 0x20 [0095.137] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi", dwFileAttributes=0x20) returned 1 [0095.137] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\stbubxbe6y6z4niqjh2c.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0095.137] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0x129d1e88 | out: lpMode=0x129d1e88) returned 0 [0095.137] GetFileType (hFile=0x2d8) returned 0x1 [0095.137] GetFileType (hFile=0x2d8) returned 0x1 [0095.137] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.138] ReadFile (in: hFile=0x2d8, lpBuffer=0x1298e5a8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x129d1d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e5a8*, lpNumberOfBytesRead=0x129d1d14*=0x4, lpOverlapped=0x0) returned 1 [0095.138] SystemFunction036 (in: RandomBuffer=0x129a36f8, RandomBufferLength=0x10 | out: RandomBuffer=0x129a36f8) returned 1 [0095.138] SystemFunction036 (in: RandomBuffer=0x129a3708, RandomBufferLength=0x10 | out: RandomBuffer=0x129a3708) returned 1 [0095.138] VirtualAlloc (lpAddress=0x12bbc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bbc000 [0095.138] GetFileType (hFile=0x2d8) returned 0x1 [0095.138] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0x0) returned 1 [0095.138] ReadFile (in: hFile=0x2d8, lpBuffer=0x12bbc000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x129d1e80, lpOverlapped=0x0 | out: lpBuffer=0x12bbc000*, lpNumberOfBytesRead=0x129d1e80*=0x25c3, lpOverlapped=0x0) returned 1 [0095.139] VirtualAlloc (lpAddress=0x12bc0000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bc0000 [0095.139] GetFileType (hFile=0x2d8) returned 0x1 [0095.139] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0x0) returned 1 [0095.139] WriteFile (in: hFile=0x2d8, lpBuffer=0x12bc0000*, nNumberOfBytesToWrite=0x25d0, lpNumberOfBytesWritten=0x129d1e78, lpOverlapped=0x0 | out: lpBuffer=0x12bc0000*, lpNumberOfBytesWritten=0x129d1e78*=0x25d0, lpOverlapped=0x0) returned 1 [0095.139] GetFileType (hFile=0x2d8) returned 0x1 [0095.139] SetFilePointerEx (in: hFile=0x2d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x129d1e9c | out: lpNewFilePointer=0x0) returned 1 [0095.139] SystemFunction036 (in: RandomBuffer=0x12bac401, RandomBufferLength=0x40 | out: RandomBuffer=0x12bac401) returned 1 [0095.140] VirtualAlloc (lpAddress=0x12bcc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bcc000 [0095.140] VirtualAlloc (lpAddress=0x12bce000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12bce000 [0095.140] WriteFile (in: hFile=0x2d8, lpBuffer=0x1298e604*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x129d1d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e604*, lpNumberOfBytesWritten=0x129d1d88*=0x4, lpOverlapped=0x0) returned 1 [0095.140] WriteFile (in: hFile=0x2d8, lpBuffer=0x12bac500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x129d1d88, lpOverlapped=0x0 | out: lpBuffer=0x12bac500*, lpNumberOfBytesWritten=0x129d1d88*=0x100, lpOverlapped=0x0) returned 1 [0095.141] CloseHandle (hObject=0x2d8) returned 1 [0095.156] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0095.192] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\stbubxbe6y6z4niqjh2c.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\stbubxbe6y6z4niqjh2c.avi.crypted"), dwFlags=0x1) returned 1 [0097.076] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\stBubxBe6y6z4niQjh2c.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\stbubxbe6y6z4niqjh2c.avi")) returned 0xffffffff [0097.106] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0097.123] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0097.164] SwitchToThread () returned 1 [0097.196] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0097.208] SetEvent (hEvent=0x218) returned 1 [0097.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\hjz6v.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12a23c44 | out: lpFileInformation=0x12a23c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5e28f0, ftCreationTime.dwHighDateTime=0x1d7050b, ftLastAccessTime.dwLowDateTime=0xcd1323d0, ftLastAccessTime.dwHighDateTime=0x1d7070a, ftLastWriteTime.dwLowDateTime=0xcd1323d0, ftLastWriteTime.dwHighDateTime=0x1d7070a, nFileSizeHigh=0x0, nFileSizeLow=0x10e70)) returned 1 [0097.208] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\hjz6v.mp3")) returned 0x20 [0097.208] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3", dwFileAttributes=0x20) returned 1 [0097.209] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\hjz6v.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0097.209] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0x12a23e88 | out: lpMode=0x12a23e88) returned 0 [0097.209] GetFileType (hFile=0x2fc) returned 0x1 [0097.209] GetFileType (hFile=0x2fc) returned 0x1 [0097.209] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.209] ReadFile (in: hFile=0x2fc, lpBuffer=0x12900004, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a23d14, lpOverlapped=0x0 | out: lpBuffer=0x12900004*, lpNumberOfBytesRead=0x12a23d14*=0x4, lpOverlapped=0x0) returned 1 [0097.209] SystemFunction036 (in: RandomBuffer=0x128161b8, RandomBufferLength=0x10 | out: RandomBuffer=0x128161b8) returned 1 [0097.209] SystemFunction036 (in: RandomBuffer=0x128161c8, RandomBufferLength=0x10 | out: RandomBuffer=0x128161c8) returned 1 [0097.209] GetFileType (hFile=0x2fc) returned 0x1 [0097.209] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.209] ReadFile (in: hFile=0x2fc, lpBuffer=0x12a36000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a23e80, lpOverlapped=0x0 | out: lpBuffer=0x12a36000*, lpNumberOfBytesRead=0x12a23e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.210] GetFileType (hFile=0x2fc) returned 0x1 [0097.210] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.210] WriteFile (in: hFile=0x2fc, lpBuffer=0x12a40000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a23e78, lpOverlapped=0x0 | out: lpBuffer=0x12a40000*, lpNumberOfBytesWritten=0x12a23e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.210] GetFileType (hFile=0x2fc) returned 0x1 [0097.210] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a23e9c | out: lpNewFilePointer=0x0) returned 1 [0097.210] SystemFunction036 (in: RandomBuffer=0x12a46001, RandomBufferLength=0x40 | out: RandomBuffer=0x12a46001) returned 1 [0097.211] WriteFile (in: hFile=0x2fc, lpBuffer=0x12900060*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x12900060*, lpNumberOfBytesWritten=0x12a23d88*=0x4, lpOverlapped=0x0) returned 1 [0097.211] WriteFile (in: hFile=0x2fc, lpBuffer=0x12a46100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a23d88, lpOverlapped=0x0 | out: lpBuffer=0x12a46100*, lpNumberOfBytesWritten=0x12a23d88*=0x100, lpOverlapped=0x0) returned 1 [0097.211] CloseHandle (hObject=0x2fc) returned 1 [0097.213] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\hjz6v.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\hjz6v.mp3.crypted"), dwFlags=0x1) returned 1 [0097.213] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\hJz6V.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\hjz6v.mp3")) returned 0xffffffff [0097.214] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0097.258] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0097.289] SetEvent (hEvent=0x218) returned 1 [0097.289] SetEvent (hEvent=0x1e4) returned 1 [0097.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\ed92x-z.mp3"), fInfoLevelId=0x0, lpFileInformation=0x12915c44 | out: lpFileInformation=0x12915c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x329fa930, ftCreationTime.dwHighDateTime=0x1d6fdc4, ftLastAccessTime.dwLowDateTime=0xe7ea5f30, ftLastAccessTime.dwHighDateTime=0x1d709bb, ftLastWriteTime.dwLowDateTime=0xe7ea5f30, ftLastWriteTime.dwHighDateTime=0x1d709bb, nFileSizeHigh=0x0, nFileSizeLow=0x15e83)) returned 1 [0097.289] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\ed92x-z.mp3")) returned 0x20 [0097.290] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3", dwFileAttributes=0x20) returned 1 [0097.290] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\ed92x-z.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x274 [0097.290] GetConsoleMode (in: hConsoleHandle=0x274, lpMode=0x12915e88 | out: lpMode=0x12915e88) returned 0 [0097.290] GetFileType (hFile=0x274) returned 0x1 [0097.290] GetFileType (hFile=0x274) returned 0x1 [0097.290] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0097.290] ReadFile (in: hFile=0x274, lpBuffer=0x1298e0cc, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12915d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e0cc*, lpNumberOfBytesRead=0x12915d14*=0x4, lpOverlapped=0x0) returned 1 [0097.290] SystemFunction036 (in: RandomBuffer=0x128cc3e8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc3e8) returned 1 [0097.290] SystemFunction036 (in: RandomBuffer=0x128cc3f8, RandomBufferLength=0x10 | out: RandomBuffer=0x128cc3f8) returned 1 [0097.290] GetFileType (hFile=0x274) returned 0x1 [0097.290] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.290] ReadFile (in: hFile=0x274, lpBuffer=0x12b56000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12915e80, lpOverlapped=0x0 | out: lpBuffer=0x12b56000*, lpNumberOfBytesRead=0x12915e80*=0x4000, lpOverlapped=0x0) returned 1 [0097.291] GetFileType (hFile=0x274) returned 0x1 [0097.291] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.291] WriteFile (in: hFile=0x274, lpBuffer=0x12b5a000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12915e78, lpOverlapped=0x0 | out: lpBuffer=0x12b5a000*, lpNumberOfBytesWritten=0x12915e78*=0x4000, lpOverlapped=0x0) returned 1 [0097.291] GetFileType (hFile=0x274) returned 0x1 [0097.291] SetFilePointerEx (in: hFile=0x274, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12915e9c | out: lpNewFilePointer=0x0) returned 1 [0097.291] SystemFunction036 (in: RandomBuffer=0x12d9ec01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9ec01) returned 1 [0097.291] WriteFile (in: hFile=0x274, lpBuffer=0x1298e128*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e128*, lpNumberOfBytesWritten=0x12915d88*=0x4, lpOverlapped=0x0) returned 1 [0097.292] WriteFile (in: hFile=0x274, lpBuffer=0x12d9ed00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12915d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9ed00*, lpNumberOfBytesWritten=0x12915d88*=0x100, lpOverlapped=0x0) returned 1 [0097.292] CloseHandle (hObject=0x274) returned 1 [0097.294] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\ed92x-z.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\ed92x-z.mp3.crypted"), dwFlags=0x1) returned 1 [0097.298] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l3Ukg9xPqGI\\DBjkoAN\\ed92X-Z.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l3ukg9xpqgi\\dbjkoan\\ed92x-z.mp3")) returned 0xffffffff [0097.298] VirtualFree (lpAddress=0x12dfa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.299] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) Thread: id = 42 os_tid = 0xccc [0095.185] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x351eff28, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x351eff28*=0x2e8) returned 1 [0095.185] VirtualQuery (in: lpAddress=0x351eff38, lpBuffer=0x351eff38, dwLength=0x1c | out: lpBuffer=0x351eff38*(BaseAddress=0x351ef000, AllocationBase=0x350f0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0095.185] SetEvent (hEvent=0x20c) returned 1 [0095.185] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ec [0095.185] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f0 [0095.185] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0095.895] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0095.907] SetEvent (hEvent=0x2b4) returned 1 [0095.907] VirtualFree (lpAddress=0x12c92000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\y8rkdvieu_ne.odp"), fInfoLevelId=0x0, lpFileInformation=0x12861c44 | out: lpFileInformation=0x12861c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74eab500, ftCreationTime.dwHighDateTime=0x1d7058f, ftLastAccessTime.dwLowDateTime=0xb6da5890, ftLastAccessTime.dwHighDateTime=0x1d708b3, ftLastWriteTime.dwLowDateTime=0xb6da5890, ftLastWriteTime.dwHighDateTime=0x1d708b3, nFileSizeHigh=0x0, nFileSizeLow=0xc17d)) returned 1 [0095.908] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\y8rkdvieu_ne.odp")) returned 0x20 [0095.908] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp", dwFileAttributes=0x20) returned 1 [0095.908] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\y8rkdvieu_ne.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0095.908] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0x12861e88 | out: lpMode=0x12861e88) returned 0 [0095.908] GetFileType (hFile=0x28c) returned 0x1 [0095.908] GetFileType (hFile=0x28c) returned 0x1 [0095.908] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0095.908] ReadFile (in: hFile=0x28c, lpBuffer=0x1298e2b8, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12861d14, lpOverlapped=0x0 | out: lpBuffer=0x1298e2b8*, lpNumberOfBytesRead=0x12861d14*=0x4, lpOverlapped=0x0) returned 1 [0095.908] SystemFunction036 (in: RandomBuffer=0x12be4b18, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4b18) returned 1 [0095.908] SystemFunction036 (in: RandomBuffer=0x12be4b28, RandomBufferLength=0x10 | out: RandomBuffer=0x12be4b28) returned 1 [0095.908] VirtualAlloc (lpAddress=0x12ce4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ce4000 [0095.909] GetFileType (hFile=0x28c) returned 0x1 [0095.909] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.909] ReadFile (in: hFile=0x28c, lpBuffer=0x12ce4000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12861e80, lpOverlapped=0x0 | out: lpBuffer=0x12ce4000*, lpNumberOfBytesRead=0x12861e80*=0x4000, lpOverlapped=0x0) returned 1 [0095.909] VirtualAlloc (lpAddress=0x12ce8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12ce8000 [0095.910] GetFileType (hFile=0x28c) returned 0x1 [0095.910] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.910] WriteFile (in: hFile=0x28c, lpBuffer=0x12ce8000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12861e78, lpOverlapped=0x0 | out: lpBuffer=0x12ce8000*, lpNumberOfBytesWritten=0x12861e78*=0x4000, lpOverlapped=0x0) returned 1 [0095.910] GetFileType (hFile=0x28c) returned 0x1 [0095.910] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12861e9c | out: lpNewFilePointer=0x0) returned 1 [0095.910] SystemFunction036 (in: RandomBuffer=0x12b53501, RandomBufferLength=0x40 | out: RandomBuffer=0x12b53501) returned 1 [0095.911] WriteFile (in: hFile=0x28c, lpBuffer=0x1298e314*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x1298e314*, lpNumberOfBytesWritten=0x12861d88*=0x4, lpOverlapped=0x0) returned 1 [0095.911] VirtualAlloc (lpAddress=0x12cec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x12cec000 [0095.911] WriteFile (in: hFile=0x28c, lpBuffer=0x12b53600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12861d88, lpOverlapped=0x0 | out: lpBuffer=0x12b53600*, lpNumberOfBytesWritten=0x12861d88*=0x100, lpOverlapped=0x0) returned 1 [0095.911] CloseHandle (hObject=0x28c) returned 1 [0095.920] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\y8rkdvieu_ne.odp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\y8rkdvieu_ne.odp.crypted"), dwFlags=0x1) returned 1 [0095.920] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\N4v2AJonjYIfePu-5ySR\\y8rkdvIeu_ne.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\n4v2ajonjyifepu-5ysr\\y8rkdvieu_ne.odp")) returned 0xffffffff [0095.920] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.007] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.041] VirtualFree (lpAddress=0x12c8a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.042] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\spok hndt-tgcki.rtf"), fInfoLevelId=0x0, lpFileInformation=0x12d85c44 | out: lpFileInformation=0x12d85c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0d157b0, ftCreationTime.dwHighDateTime=0x1d70328, ftLastAccessTime.dwLowDateTime=0x5990e900, ftLastAccessTime.dwHighDateTime=0x1d708b9, ftLastWriteTime.dwLowDateTime=0x5990e900, ftLastWriteTime.dwHighDateTime=0x1d708b9, nFileSizeHigh=0x0, nFileSizeLow=0x9db2)) returned 1 [0096.042] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\spok hndt-tgcki.rtf")) returned 0x20 [0096.042] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf", dwFileAttributes=0x20) returned 1 [0096.042] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\spok hndt-tgcki.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2ac [0096.042] GetConsoleMode (in: hConsoleHandle=0x2ac, lpMode=0x12d85e88 | out: lpMode=0x12d85e88) returned 0 [0096.042] GetFileType (hFile=0x2ac) returned 0x1 [0096.042] GetFileType (hFile=0x2ac) returned 0x1 [0096.042] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.043] ReadFile (in: hFile=0x2ac, lpBuffer=0x12900144, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d85d14, lpOverlapped=0x0 | out: lpBuffer=0x12900144*, lpNumberOfBytesRead=0x12d85d14*=0x4, lpOverlapped=0x0) returned 1 [0096.043] SystemFunction036 (in: RandomBuffer=0x12c90ac8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90ac8) returned 1 [0096.043] SystemFunction036 (in: RandomBuffer=0x12c90ad8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90ad8) returned 1 [0096.043] GetFileType (hFile=0x2ac) returned 0x1 [0096.043] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0096.043] ReadFile (in: hFile=0x2ac, lpBuffer=0x12878000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d85e80, lpOverlapped=0x0 | out: lpBuffer=0x12878000*, lpNumberOfBytesRead=0x12d85e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.043] GetFileType (hFile=0x2ac) returned 0x1 [0096.043] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0096.043] WriteFile (in: hFile=0x2ac, lpBuffer=0x1287c000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d85e78, lpOverlapped=0x0 | out: lpBuffer=0x1287c000*, lpNumberOfBytesWritten=0x12d85e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.044] GetFileType (hFile=0x2ac) returned 0x1 [0096.044] SetFilePointerEx (in: hFile=0x2ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d85e9c | out: lpNewFilePointer=0x0) returned 1 [0096.044] SystemFunction036 (in: RandomBuffer=0x12c72901, RandomBufferLength=0x40 | out: RandomBuffer=0x12c72901) returned 1 [0096.044] WriteFile (in: hFile=0x2ac, lpBuffer=0x129001a0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x129001a0*, lpNumberOfBytesWritten=0x12d85d88*=0x4, lpOverlapped=0x0) returned 1 [0096.044] WriteFile (in: hFile=0x2ac, lpBuffer=0x12c72a00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d85d88, lpOverlapped=0x0 | out: lpBuffer=0x12c72a00*, lpNumberOfBytesWritten=0x12d85d88*=0x100, lpOverlapped=0x0) returned 1 [0096.044] CloseHandle (hObject=0x2ac) returned 1 [0096.046] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\spok hndt-tgcki.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\spok hndt-tgcki.rtf.crypted"), dwFlags=0x1) returned 1 [0096.047] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\_dteD\\sPOK hNDt-tgCki.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\_dted\\spok hndt-tgcki.rtf")) returned 0xffffffff [0096.047] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.092] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.105] SetEvent (hEvent=0xfc) returned 1 [0096.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\uk0z.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf47ed280, ftCreationTime.dwHighDateTime=0x1d700e2, ftLastAccessTime.dwLowDateTime=0x44157a50, ftLastAccessTime.dwHighDateTime=0x1d7030f, ftLastWriteTime.dwLowDateTime=0x44157a50, ftLastWriteTime.dwHighDateTime=0x1d7030f, nFileSizeHigh=0x0, nFileSizeLow=0x13b09)) returned 1 [0096.106] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\uk0z.xlsx")) returned 0x20 [0096.106] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx", dwFileAttributes=0x20) returned 1 [0096.106] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\uk0z.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0096.106] GetConsoleMode (in: hConsoleHandle=0x314, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.106] GetFileType (hFile=0x314) returned 0x1 [0096.106] GetFileType (hFile=0x314) returned 0x1 [0096.106] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.106] ReadFile (in: hFile=0x314, lpBuffer=0x1288a398, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a398*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.106] SystemFunction036 (in: RandomBuffer=0x12d17478, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17478) returned 1 [0096.106] SystemFunction036 (in: RandomBuffer=0x12d17488, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17488) returned 1 [0096.107] VirtualAlloc (lpAddress=0x12de2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12de2000 [0096.107] GetFileType (hFile=0x314) returned 0x1 [0096.107] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.107] ReadFile (in: hFile=0x314, lpBuffer=0x12de2000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12de2000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.107] VirtualAlloc (lpAddress=0x12de6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12de6000 [0096.108] GetFileType (hFile=0x314) returned 0x1 [0096.108] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.108] WriteFile (in: hFile=0x314, lpBuffer=0x12de6000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12de6000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.108] GetFileType (hFile=0x314) returned 0x1 [0096.108] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.109] SystemFunction036 (in: RandomBuffer=0x12d9f501, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9f501) returned 1 [0096.109] WriteFile (in: hFile=0x314, lpBuffer=0x1288a3f4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a3f4*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.109] WriteFile (in: hFile=0x314, lpBuffer=0x12d9f600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9f600*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.109] CloseHandle (hObject=0x314) returned 1 [0096.112] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\uk0z.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\uk0z.xlsx.crypted"), dwFlags=0x1) returned 1 [0096.115] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Ea6EH7e6iYLk5qzARj9\\uk0z.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ea6eh7e6iylk5qzarj9\\uk0z.xlsx")) returned 0xffffffff [0096.115] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.172] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.186] SetEvent (hEvent=0x314) returned 1 [0096.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyucj2s2ooss7kdi.pptx"), fInfoLevelId=0x0, lpFileInformation=0x12a4dc44 | out: lpFileInformation=0x12a4dc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef6ba80, ftCreationTime.dwHighDateTime=0x1d6b154, ftLastAccessTime.dwLowDateTime=0xa957ee0, ftLastAccessTime.dwHighDateTime=0x1d6b8b1, ftLastWriteTime.dwLowDateTime=0xa957ee0, ftLastWriteTime.dwHighDateTime=0x1d6b8b1, nFileSizeHigh=0x0, nFileSizeLow=0x14218)) returned 1 [0096.187] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyucj2s2ooss7kdi.pptx")) returned 0x20 [0096.187] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx", dwFileAttributes=0x20) returned 1 [0096.187] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyucj2s2ooss7kdi.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.187] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12a4de88 | out: lpMode=0x12a4de88) returned 0 [0096.187] GetFileType (hFile=0x308) returned 0x1 [0096.187] GetFileType (hFile=0x308) returned 0x1 [0096.187] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.187] ReadFile (in: hFile=0x308, lpBuffer=0x12810458, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a4dd14, lpOverlapped=0x0 | out: lpBuffer=0x12810458*, lpNumberOfBytesRead=0x12a4dd14*=0x4, lpOverlapped=0x0) returned 1 [0096.187] SystemFunction036 (in: RandomBuffer=0x12817108, RandomBufferLength=0x10 | out: RandomBuffer=0x12817108) returned 1 [0096.187] SystemFunction036 (in: RandomBuffer=0x12817118, RandomBufferLength=0x10 | out: RandomBuffer=0x12817118) returned 1 [0096.187] VirtualAlloc (lpAddress=0x12d62000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d62000 [0096.188] GetFileType (hFile=0x308) returned 0x1 [0096.188] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.188] ReadFile (in: hFile=0x308, lpBuffer=0x12d62000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a4de80, lpOverlapped=0x0 | out: lpBuffer=0x12d62000*, lpNumberOfBytesRead=0x12a4de80*=0x4000, lpOverlapped=0x0) returned 1 [0096.188] VirtualAlloc (lpAddress=0x12d66000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d66000 [0096.189] GetFileType (hFile=0x308) returned 0x1 [0096.189] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.189] WriteFile (in: hFile=0x308, lpBuffer=0x12d66000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a4de78, lpOverlapped=0x0 | out: lpBuffer=0x12d66000*, lpNumberOfBytesWritten=0x12a4de78*=0x4000, lpOverlapped=0x0) returned 1 [0096.189] GetFileType (hFile=0x308) returned 0x1 [0096.189] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a4de9c | out: lpNewFilePointer=0x0) returned 1 [0096.189] SystemFunction036 (in: RandomBuffer=0x12a7f201, RandomBufferLength=0x40 | out: RandomBuffer=0x12a7f201) returned 1 [0096.190] VirtualAlloc (lpAddress=0x12d6a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12d6a000 [0096.190] WriteFile (in: hFile=0x308, lpBuffer=0x128104b4*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x128104b4*, lpNumberOfBytesWritten=0x12a4dd88*=0x4, lpOverlapped=0x0) returned 1 [0096.190] WriteFile (in: hFile=0x308, lpBuffer=0x12a7f300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a4dd88, lpOverlapped=0x0 | out: lpBuffer=0x12a7f300*, lpNumberOfBytesWritten=0x12a4dd88*=0x100, lpOverlapped=0x0) returned 1 [0096.190] CloseHandle (hObject=0x308) returned 1 [0096.196] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyucj2s2ooss7kdi.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyucj2s2ooss7kdi.pptx.crypted"), dwFlags=0x1) returned 1 [0096.197] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Lyucj2S2OOss7KdI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyucj2s2ooss7kdi.pptx")) returned 0xffffffff [0096.197] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.220] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.250] SetEvent (hEvent=0x314) returned 1 [0096.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\n11qwtglg.docx"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1dbf9a0, ftCreationTime.dwHighDateTime=0x1d70a43, ftLastAccessTime.dwLowDateTime=0x6cb9bea0, ftLastAccessTime.dwHighDateTime=0x1d70a51, ftLastWriteTime.dwLowDateTime=0x6cb9bea0, ftLastWriteTime.dwHighDateTime=0x1d70a51, nFileSizeHigh=0x0, nFileSizeLow=0x12060)) returned 1 [0096.251] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\n11qwtglg.docx")) returned 0x20 [0096.251] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx", dwFileAttributes=0x20) returned 1 [0096.251] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\n11qwtglg.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0096.251] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.251] GetFileType (hFile=0x308) returned 0x1 [0096.251] GetFileType (hFile=0x308) returned 0x1 [0096.251] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.251] ReadFile (in: hFile=0x308, lpBuffer=0x1288a470, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a470*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.251] SystemFunction036 (in: RandomBuffer=0x12d17798, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17798) returned 1 [0096.251] SystemFunction036 (in: RandomBuffer=0x12d177a8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d177a8) returned 1 [0096.251] VirtualAlloc (lpAddress=0x12df8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12df8000 [0096.252] GetFileType (hFile=0x308) returned 0x1 [0096.252] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.252] ReadFile (in: hFile=0x308, lpBuffer=0x12df8000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12df8000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.252] VirtualAlloc (lpAddress=0x12dfc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x12dfc000 [0096.253] GetFileType (hFile=0x308) returned 0x1 [0096.253] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.253] WriteFile (in: hFile=0x308, lpBuffer=0x12dfc000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12dfc000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.253] GetFileType (hFile=0x308) returned 0x1 [0096.253] SetFilePointerEx (in: hFile=0x308, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.253] SystemFunction036 (in: RandomBuffer=0x12d9fd01, RandomBufferLength=0x40 | out: RandomBuffer=0x12d9fd01) returned 1 [0096.254] WriteFile (in: hFile=0x308, lpBuffer=0x1288a4cc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a4cc*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.254] WriteFile (in: hFile=0x308, lpBuffer=0x12d9fe00*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x12d9fe00*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.254] CloseHandle (hObject=0x308) returned 1 [0096.260] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\n11qwtglg.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\n11qwtglg.docx.crypted"), dwFlags=0x1) returned 1 [0096.261] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\N11qWtgLG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\n11qwtglg.docx")) returned 0xffffffff [0096.261] SetEvent (hEvent=0x2ac) returned 1 [0096.261] VirtualFree (lpAddress=0x12c82000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.261] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtkm6.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b04a3a0, ftCreationTime.dwHighDateTime=0x1d6c1f4, ftLastAccessTime.dwLowDateTime=0x56e99c80, ftLastAccessTime.dwHighDateTime=0x1d6e206, ftLastWriteTime.dwLowDateTime=0x56e99c80, ftLastWriteTime.dwHighDateTime=0x1d6e206, nFileSizeHigh=0x0, nFileSizeLow=0xbf6b)) returned 1 [0096.313] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtkm6.xlsx")) returned 0x20 [0096.314] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx", dwFileAttributes=0x20) returned 1 [0096.314] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtkm6.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0096.314] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.314] GetFileType (hFile=0x304) returned 0x1 [0096.314] GetFileType (hFile=0x304) returned 0x1 [0096.314] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.314] ReadFile (in: hFile=0x304, lpBuffer=0x1288a4d4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a4d4*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.315] SystemFunction036 (in: RandomBuffer=0x12d178d8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d178d8) returned 1 [0096.315] SystemFunction036 (in: RandomBuffer=0x12d178e8, RandomBufferLength=0x10 | out: RandomBuffer=0x12d178e8) returned 1 [0096.315] GetFileType (hFile=0x304) returned 0x1 [0096.315] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.315] ReadFile (in: hFile=0x304, lpBuffer=0x12950000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12950000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.315] GetFileType (hFile=0x304) returned 0x1 [0096.315] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.315] WriteFile (in: hFile=0x304, lpBuffer=0x12956000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12956000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.315] GetFileType (hFile=0x304) returned 0x1 [0096.315] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.315] SystemFunction036 (in: RandomBuffer=0x128c4001, RandomBufferLength=0x40 | out: RandomBuffer=0x128c4001) returned 1 [0096.316] WriteFile (in: hFile=0x304, lpBuffer=0x1288a530*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a530*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.316] WriteFile (in: hFile=0x304, lpBuffer=0x128c4100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x128c4100*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.316] CloseHandle (hObject=0x304) returned 1 [0096.319] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtkm6.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtkm6.xlsx.crypted"), dwFlags=0x1) returned 1 [0096.320] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\VtkM6.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vtkm6.xlsx")) returned 0xffffffff [0096.323] VirtualFree (lpAddress=0x12c56000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.323] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.393] SetEvent (hEvent=0x200) returned 1 [0096.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nlgykb7bvh6vfucya.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x12a6fc44 | out: lpFileInformation=0x12a6fc44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41e8eaa0, ftCreationTime.dwHighDateTime=0x1d6f70c, ftLastAccessTime.dwLowDateTime=0x7fd4b8a0, ftLastAccessTime.dwHighDateTime=0x1d70385, ftLastWriteTime.dwLowDateTime=0x7fd4b8a0, ftLastWriteTime.dwHighDateTime=0x1d70385, nFileSizeHigh=0x0, nFileSizeLow=0x6620)) returned 1 [0096.393] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nlgykb7bvh6vfucya.xlsx")) returned 0x20 [0096.393] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx", dwFileAttributes=0x20) returned 1 [0096.394] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nlgykb7bvh6vfucya.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0096.394] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0x12a6fe88 | out: lpMode=0x12a6fe88) returned 0 [0096.394] GetFileType (hFile=0x304) returned 0x1 [0096.394] GetFileType (hFile=0x304) returned 0x1 [0096.394] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.394] ReadFile (in: hFile=0x304, lpBuffer=0x12900224, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12a6fd14, lpOverlapped=0x0 | out: lpBuffer=0x12900224*, lpNumberOfBytesRead=0x12a6fd14*=0x4, lpOverlapped=0x0) returned 1 [0096.394] SystemFunction036 (in: RandomBuffer=0x12c90de8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90de8) returned 1 [0096.394] SystemFunction036 (in: RandomBuffer=0x12c90df8, RandomBufferLength=0x10 | out: RandomBuffer=0x12c90df8) returned 1 [0096.394] GetFileType (hFile=0x304) returned 0x1 [0096.394] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.394] ReadFile (in: hFile=0x304, lpBuffer=0x129ae000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12a6fe80, lpOverlapped=0x0 | out: lpBuffer=0x129ae000*, lpNumberOfBytesRead=0x12a6fe80*=0x4000, lpOverlapped=0x0) returned 1 [0096.395] GetFileType (hFile=0x304) returned 0x1 [0096.395] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.395] WriteFile (in: hFile=0x304, lpBuffer=0x129b2000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12a6fe78, lpOverlapped=0x0 | out: lpBuffer=0x129b2000*, lpNumberOfBytesWritten=0x12a6fe78*=0x4000, lpOverlapped=0x0) returned 1 [0096.395] GetFileType (hFile=0x304) returned 0x1 [0096.395] SetFilePointerEx (in: hFile=0x304, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12a6fe9c | out: lpNewFilePointer=0x0) returned 1 [0096.395] SystemFunction036 (in: RandomBuffer=0x12c72f01, RandomBufferLength=0x40 | out: RandomBuffer=0x12c72f01) returned 1 [0096.395] WriteFile (in: hFile=0x304, lpBuffer=0x12900280*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12900280*, lpNumberOfBytesWritten=0x12a6fd88*=0x4, lpOverlapped=0x0) returned 1 [0096.395] WriteFile (in: hFile=0x304, lpBuffer=0x12c73000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12a6fd88, lpOverlapped=0x0 | out: lpBuffer=0x12c73000*, lpNumberOfBytesWritten=0x12a6fd88*=0x100, lpOverlapped=0x0) returned 1 [0096.396] CloseHandle (hObject=0x304) returned 1 [0096.397] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nlgykb7bvh6vfucya.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nlgykb7bvh6vfucya.xlsx.crypted"), dwFlags=0x1) returned 1 [0096.398] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nlgyKb7bVH6VfuCYA.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nlgykb7bvh6vfucya.xlsx")) returned 0xffffffff [0096.398] VirtualFree (lpAddress=0x12c54000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.398] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.467] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0096.478] SetEvent (hEvent=0xfc) returned 1 [0096.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vktmabrajz6x.docx"), fInfoLevelId=0x0, lpFileInformation=0x12d89c44 | out: lpFileInformation=0x12d89c44*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc68f410, ftCreationTime.dwHighDateTime=0x1d7085d, ftLastAccessTime.dwLowDateTime=0xd21d5d50, ftLastAccessTime.dwHighDateTime=0x1d70a20, ftLastWriteTime.dwLowDateTime=0xd21d5d50, ftLastWriteTime.dwHighDateTime=0x1d70a20, nFileSizeHigh=0x0, nFileSizeLow=0xc377)) returned 1 [0096.478] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vktmabrajz6x.docx")) returned 0x20 [0096.478] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx", dwFileAttributes=0x20) returned 1 [0096.478] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vktmabrajz6x.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0096.478] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0x12d89e88 | out: lpMode=0x12d89e88) returned 0 [0096.478] GetFileType (hFile=0x228) returned 0x1 [0096.478] GetFileType (hFile=0x228) returned 0x1 [0096.478] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0xfffffefc, lpNewFilePointer=0xffffffff, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0xffffffff) returned 1 [0096.479] ReadFile (in: hFile=0x228, lpBuffer=0x1288a59c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x12d89d14, lpOverlapped=0x0 | out: lpBuffer=0x1288a59c*, lpNumberOfBytesRead=0x12d89d14*=0x4, lpOverlapped=0x0) returned 1 [0096.479] SystemFunction036 (in: RandomBuffer=0x12d17b58, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17b58) returned 1 [0096.479] SystemFunction036 (in: RandomBuffer=0x12d17b68, RandomBufferLength=0x10 | out: RandomBuffer=0x12d17b68) returned 1 [0096.479] GetFileType (hFile=0x228) returned 0x1 [0096.479] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.479] ReadFile (in: hFile=0x228, lpBuffer=0x12a04000, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x12d89e80, lpOverlapped=0x0 | out: lpBuffer=0x12a04000*, lpNumberOfBytesRead=0x12d89e80*=0x4000, lpOverlapped=0x0) returned 1 [0096.482] GetFileType (hFile=0x228) returned 0x1 [0096.483] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.483] WriteFile (in: hFile=0x228, lpBuffer=0x12a08000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x12d89e78, lpOverlapped=0x0 | out: lpBuffer=0x12a08000*, lpNumberOfBytesWritten=0x12d89e78*=0x4000, lpOverlapped=0x0) returned 1 [0096.483] GetFileType (hFile=0x228) returned 0x1 [0096.483] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x12d89e9c | out: lpNewFilePointer=0x0) returned 1 [0096.483] SystemFunction036 (in: RandomBuffer=0x128c4601, RandomBufferLength=0x40 | out: RandomBuffer=0x128c4601) returned 1 [0096.483] WriteFile (in: hFile=0x228, lpBuffer=0x1288a5f8*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x1288a5f8*, lpNumberOfBytesWritten=0x12d89d88*=0x4, lpOverlapped=0x0) returned 1 [0096.484] WriteFile (in: hFile=0x228, lpBuffer=0x128c4700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x12d89d88, lpOverlapped=0x0 | out: lpBuffer=0x128c4700*, lpNumberOfBytesWritten=0x12d89d88*=0x100, lpOverlapped=0x0) returned 1 [0096.484] CloseHandle (hObject=0x228) returned 1 [0096.486] MoveFileExW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vktmabrajz6x.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx.crypted" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vktmabrajz6x.docx.crypted"), dwFlags=0x1) returned 1 [0096.486] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vkTMaBRaJZ6X.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vktmabrajz6x.docx")) returned 0xffffffff [0096.486] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) Process: id = "2" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x33b98000" os_pid = "0x490" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xbc4" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001d5b8" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 222 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 223 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 224 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 225 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 226 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 227 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 228 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 229 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 230 start_va = 0x7ff644730000 end_va = 0x7ff644740fff monitored = 0 entry_point = 0x7ff6447316b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 231 start_va = 0x7ff846350000 end_va = 0x7ff846510fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 232 start_va = 0xf0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 233 start_va = 0x7ff842b80000 end_va = 0x7ff842d67fff monitored = 0 entry_point = 0x7ff842baba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 234 start_va = 0x7ff844cb0000 end_va = 0x7ff844d5cfff monitored = 0 entry_point = 0x7ff844cc81a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 235 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 236 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 237 start_va = 0x600000 end_va = 0x6bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 238 start_va = 0x7ff845da0000 end_va = 0x7ff845e3cfff monitored = 0 entry_point = 0x7ff845da78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 239 start_va = 0x90000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 240 start_va = 0x6c0000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 241 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 242 start_va = 0x7ff82b710000 end_va = 0x7ff82b768fff monitored = 0 entry_point = 0x7ff82b71fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 243 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 244 start_va = 0x7ff845f80000 end_va = 0x7ff8461fcfff monitored = 0 entry_point = 0x7ff846054970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 245 start_va = 0x7ff844d60000 end_va = 0x7ff844e7bfff monitored = 0 entry_point = 0x7ff844da02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 246 start_va = 0x7ff842a00000 end_va = 0x7ff842a69fff monitored = 0 entry_point = 0x7ff842a36d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 247 start_va = 0x7ff844f90000 end_va = 0x7ff8450e5fff monitored = 0 entry_point = 0x7ff844f9a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 248 start_va = 0x7ff845260000 end_va = 0x7ff8453e5fff monitored = 0 entry_point = 0x7ff8452affc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 249 start_va = 0xe0000 end_va = 0xe6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 250 start_va = 0x7ff846200000 end_va = 0x7ff846342fff monitored = 0 entry_point = 0x7ff846228210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 251 start_va = 0x7ff845a10000 end_va = 0x7ff845a6afff monitored = 0 entry_point = 0x7ff845a238b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 252 start_va = 0x7ff845ec0000 end_va = 0x7ff845efafff monitored = 0 entry_point = 0x7ff845ec12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 253 start_va = 0x7ff845b20000 end_va = 0x7ff845be0fff monitored = 0 entry_point = 0x7ff845b40da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 254 start_va = 0x7ff83d5c0000 end_va = 0x7ff83d745fff monitored = 0 entry_point = 0x7ff83d60d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 255 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 256 start_va = 0x6c0000 end_va = 0x6c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 257 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 258 start_va = 0x840000 end_va = 0x9c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 259 start_va = 0x9d0000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009d0000" filename = "" Region: id = 260 start_va = 0xb60000 end_va = 0x1f5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 261 start_va = 0x6d0000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 262 start_va = 0x6d0000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 263 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 264 start_va = 0x7ff842970000 end_va = 0x7ff8429bafff monitored = 0 entry_point = 0x7ff8429735f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 265 start_va = 0x7ff8429c0000 end_va = 0x7ff8429d3fff monitored = 0 entry_point = 0x7ff8429c52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 266 start_va = 0x7ff8429e0000 end_va = 0x7ff8429eefff monitored = 0 entry_point = 0x7ff8429e3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 267 start_va = 0x7ff842e20000 end_va = 0x7ff842e62fff monitored = 0 entry_point = 0x7ff842e34b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 268 start_va = 0x7ff842e70000 end_va = 0x7ff8434b3fff monitored = 0 entry_point = 0x7ff8430364b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 269 start_va = 0x7ff843690000 end_va = 0x7ff843744fff monitored = 0 entry_point = 0x7ff8436d22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 270 start_va = 0x7ff843750000 end_va = 0x7ff844caefff monitored = 0 entry_point = 0x7ff8438b11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 271 start_va = 0x7ff845950000 end_va = 0x7ff8459a1fff monitored = 0 entry_point = 0x7ff84595f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 272 start_va = 0x7ff845a70000 end_va = 0x7ff845b16fff monitored = 0 entry_point = 0x7ff845a858d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 273 start_va = 0x7ff8412f0000 end_va = 0x7ff841385fff monitored = 0 entry_point = 0x7ff841315570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 274 start_va = 0x1f60000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 275 start_va = 0x20e0000 end_va = 0x2416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 276 start_va = 0x2420000 end_va = 0x263ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002420000" filename = "" Region: id = 277 start_va = 0x2640000 end_va = 0x285dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002640000" filename = "" Region: id = 278 start_va = 0x1f60000 end_va = 0x2074fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f60000" filename = "" Region: id = 279 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 280 start_va = 0x2860000 end_va = 0x2a7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 281 start_va = 0x2a80000 end_va = 0x2b8afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 282 start_va = 0x710000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 283 start_va = 0x7ff8450f0000 end_va = 0x7ff845249fff monitored = 0 entry_point = 0x7ff8451338e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 284 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 285 start_va = 0x2b90000 end_va = 0x2c4bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002b90000" filename = "" Region: id = 286 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 287 start_va = 0x7ff840ba0000 end_va = 0x7ff840bc1fff monitored = 0 entry_point = 0x7ff840ba1a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 288 start_va = 0x7ff83d570000 end_va = 0x7ff83d582fff monitored = 0 entry_point = 0x7ff83d572760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 289 start_va = 0x7ff8424a0000 end_va = 0x7ff8424f5fff monitored = 0 entry_point = 0x7ff8424b0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 290 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 291 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 292 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 293 start_va = 0x750000 end_va = 0x754fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 294 start_va = 0x760000 end_va = 0x760fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 295 start_va = 0x770000 end_va = 0x771fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 296 start_va = 0x2c50000 end_va = 0x2e45fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c50000" filename = "" Region: id = 297 start_va = 0x7ff83ef20000 end_va = 0x7ff83f193fff monitored = 0 entry_point = 0x7ff83ef90400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 298 start_va = 0x780000 end_va = 0x780fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 299 start_va = 0x790000 end_va = 0x791fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 300 start_va = 0x2e50000 end_va = 0x2f2cfff monitored = 0 entry_point = 0x2eae0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 301 start_va = 0x780000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 302 start_va = 0x2e50000 end_va = 0x2f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e50000" filename = "" Region: id = 303 start_va = 0x2f50000 end_va = 0x314efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002f50000" filename = "" Thread: id = 2 os_tid = 0x4b8 Thread: id = 3 os_tid = 0xbf0 Thread: id = 4 os_tid = 0x9ac Thread: id = 5 os_tid = 0xe94